Windows Analysis Report
ORIGINAL INVOICE COAU7230734293.exe

Overview

General Information

Sample name: ORIGINAL INVOICE COAU7230734293.exe
Analysis ID: 1523776
MD5: f6c2a4c4d05e7b76e17a5a7a191ddeb1
SHA1: 0d93776c5acfa7bb9a2ed5bc3ca46e0a525fa6bd
SHA256: ece8d193afdcc6ec2c024e2441f7c0ce25801143573cacf71cf059de9a337275

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • ORIGINAL INVOICE COAU7230734293.exe (PID: 5096 cmdline: "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe" MD5: F6C2A4C4D05E7B76E17A5A7A191DDEB1)
    • ORIGINAL INVOICE COAU7230734293.exe (PID: 6828 cmdline: "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe" MD5: F6C2A4C4D05E7B76E17A5A7A191DDEB1)
      • RAVCpl64.exe (PID: 7608 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
        • RpcPing.exe (PID: 5808 cmdline: "C:\Windows\SysWOW64\RpcPing.exe" MD5: F7DD5764D96A988F0CF9DD4813751473)
          • explorer.exe (PID: 5072 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2ed03:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16fd2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.178539531336.00000000011B0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.178539531336.00000000011B0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2b9d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13c9f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.180095014351.0000000003140000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Source | Rule | Description | Author | Strings
2.2.ORIGINAL INVOICE COAU7230734293.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.ORIGINAL INVOICE COAU7230734293.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2ed03:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16fd2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
2.2.ORIGINAL INVOICE COAU7230734293.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.ORIGINAL INVOICE COAU7230734293.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2df03:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x161d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
No Sigma rule has matched
No Suricata rule has matched

            AV Detection

            Source: ORIGINAL INVOICE COAU7230734293.exe, Virustotal: Detection: 47%
            Source: ORIGINAL INVOICE COAU7230734293.exe, ReversingLabs: Detection: 57%
            Source: Yara match, File source: 2.2.ORIGINAL INVOICE COAU7230734293.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.ORIGINAL INVOICE COAU7230734293.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.178539531336.00000000011B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.180095014351.0000000003140000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.180094934887.00000000030F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: ORIGINAL INVOICE COAU7230734293.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: ORIGINAL INVOICE COAU7230734293.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: QmBB.pdbSHA256H source: ORIGINAL INVOICE COAU7230734293.exe
            Source: Binary string: QmBB.pdb source: ORIGINAL INVOICE COAU7230734293.exe
            Source: Binary string: wntdll.pdbUGP source: ORIGINAL INVOICE COAU7230734293.exe, 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.178545237233.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.178548545707.00000000030C4000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: RPCPing.pdbGCTL source: ORIGINAL INVOICE COAU7230734293.exe, 00000002.00000002.178539692595.0000000001217000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: ORIGINAL INVOICE COAU7230734293.exe, ORIGINAL INVOICE COAU7230734293.exe, 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, RpcPing.exe, 00000004.00000003.178545237233.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.178548545707.00000000030C4000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: RPCPing.pdb source: ORIGINAL INVOICE COAU7230734293.exe, 00000002.00000002.178539692595.0000000001217000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe, Code function: 4x nop then jmp 06E7C994h 0_2_06E7D04B
            Source: C:\Windows\SysWOW64\RpcPing.exe, Code function: 4x nop then mov ebx, 00000004h 4_2_035C04DE
            Source: explorer.exe, 00000005.00000002.183144984959.0000000008DDA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180021816351.0000000008DDA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/crime/dick-van-dyke-forever-you
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/crime/dick-van-dyke-forever-young/ar-AA1lDpRD
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/crime/tyreek-hill-s-traffic-stop-shows-interactions-with-police-can-b
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/6-things-to-watch-for-when-kamala-harris-debates-donald-trum
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/jd-vance-spreads-outrageous-lie-about-hai
            Source: explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/nvidia-hopes-lightning-will-strike-twice-as-it-aims-to-cor
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/spacex-set-to-launch-billionaire-s-private-crew-on-breakth
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/a-record-breaking-bass-has-been-caught-in-a-texas-lake/ss-AA1qf3tz
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/james-earl-jones-s-talents-went-far-far-beyond-his-magnificent-voi
            Source: explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/john-amos-patriarch-on-good-times-and-an-emmy-nominee-for-the-bloc
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/sen-tuberville-blocks-promotion-of-lloyd-austin-s-top-military-aid
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/trump-repeats-false-claims-that-children-are-undergoing-transgende
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/gaza-authorities-say-deadly-blasts-hit-humanitarian-zone/ar-AA1
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/sports/nba/don-t-know-what-to-say-phil-jackson-on-pau-gasol-and-matt-barne
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/sports/nba/johnny-gaudreau-s-wife-reveals-in-eulogy-she-s-pregnant-expecti
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/sports/nba/the-really-challenging-ones-were-heavy-and-mechanical-hakeem-ol
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/sports/other/can-t-miss-play-vintage-rodgers-jets-qb-gashes-49ers-for-36-y
            Source: explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/travel/news/global-entry-vs-tsa-precheck-which-prescreen-will-get-you-thro
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/travel/news/scientists-finally-solve-mystery-behind-bermuda-triangle-disap
            Source: explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/tv/news/reacher-spinoff-the-untitled-neagley-project-starring-maria-sten-s
            Source: explorer.exe, 00000005.00000002.183144624425.0000000008D7C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/tv/news/the-bold-the-beautiful-young-and-the-restless-more-get-premiere-da
            Source: explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/forecast/in-Miami%2CFlorida?loc=eyJsIjoiTWlhbWkiLCJyIjoiRmxvcmlkYS
            Source: explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/hourlyforecast/in-Miami%2CFlorida?loc=eyJsIjoiTWlhbWkiLCJyIjoiRmxv
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/tropical-storm-francine-spaghetti-models-show-3-states-
            Source: explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.pollensense.com/

            E-Banking Fraud

            Source: Yara match, File source: 2.2.ORIGINAL INVOICE COAU7230734293.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.ORIGINAL INVOICE COAU7230734293.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.178539531336.00000000011B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.180095014351.0000000003140000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.180094934887.00000000030F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 2.2.ORIGINAL INVOICE COAU7230734293.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 2.2.ORIGINAL INVOICE COAU7230734293.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000002.00000002.178539531336.00000000011B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000004.00000002.180095014351.0000000003140000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000004.00000002.180094934887.00000000030F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: initial sample, Static PE information: Filename: ORIGINAL INVOICE COAU7230734293.exe
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0176ACEB2_2_0176ACEB
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016B8CDF2_2_016B8CDF
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01739C982_2_01739C98
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0175FF632_2_0175FF63
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016ACF002_2_016ACF00
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A6FE02_2_016A6FE0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01751FC62_2_01751FC6
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0175EFBF2_2_0175EFBF
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01740E6D2_2_01740E6D
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016E2E482_2_016E2E48
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016C0E502_2_016C0E50
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01692EE82_2_01692EE8
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01759ED22_2_01759ED2
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A1EB22_2_016A1EB2
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01750EAD2_2_01750EAD
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0336F3304_2_0336F330
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032BE3104_2_032BE310
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032A13804_2_032A1380
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0336124C4_2_0336124C
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0329D2EC4_2_0329D2EC
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0334D1304_2_0334D130
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0337010E4_2_0337010E
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0329F1134_2_0329F113
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032F717A4_2_032F717A
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032CB1E04_2_032CB1E0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032B51C04_2_032B51C0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0335E0764_2_0335E076
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032A00A04_2_032A00A0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032E508C4_2_032E508C
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_033670F14_2_033670F1
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032BB0D04_2_032BB0D0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032B27604_2_032B2760
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032BA7604_2_032BA760
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_033667574_2_03366757
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0334D62C4_2_0334D62C
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032CC6004_2_032CC600
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032D46704_2_032D4670
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0335D6464_2_0335D646
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032B06804_2_032B0680
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0336F6F64_2_0336F6F6
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032AC6E04_2_032AC6E0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_033236EC4_2_033236EC
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0336A6C04_2_0336A6C0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0337A5264_2_0337A526
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_033675C64_2_033675C6
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0336F5C94_2_0336F5C9
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032B04454_2_032B0445
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0331D4804_2_0331D480
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0336FB2E4_2_0336FB2E
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032EDB194_2_032EDB19
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032B0B104_2_032B0B10
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_03324BC04_2_03324BC0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0336CA134_2_0336CA13
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0336EA5B4_2_0336EA5B
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032CFAA04_2_032CFAA0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0336FA894_2_0336FA89
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032AE9A04_2_032AE9A0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0336E9A64_2_0336E9A6
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032F59C04_2_032F59C0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_033508354_2_03350835
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032B38004_2_032B3800
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032DE8104_2_032DE810
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032968684_2_03296868
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_033258704_2_03325870
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0336F8724_2_0336F872
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032B98704_2_032B9870
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032CB8704_2_032CB870
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_033298B24_2_033298B2
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032C68824_2_032C6882
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_033678F34_2_033678F3
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032B28C04_2_032B28C0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_033618DA4_2_033618DA
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032BCF004_2_032BCF00
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0336FF634_2_0336FF63
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0336EFBF4_2_0336EFBF
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032B6FE04_2_032B6FE0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_03361FC64_2_03361FC6
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_03350E6D4_2_03350E6D
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032F2E484_2_032F2E48
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032D0E504_2_032D0E50
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032B1EB24_2_032B1EB2
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_03360EAD4_2_03360EAD
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032A2EE84_2_032A2EE8
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_03369ED24_2_03369ED2
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0336FD274_2_0336FD27
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032AAD004_2_032AAD00
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032B0D694_2_032B0D69
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_03367D4C4_2_03367D4C
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032C2DB04_2_032C2DB0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0334FDF44_2_0334FDF4
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032B9DD04_2_032B9DD0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032A0C124_2_032A0C12
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032B3C604_2_032B3C60
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0336EC604_2_0336EC60
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_03366C694_2_03366C69
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0335EC4C4_2_0335EC4C
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_03349C984_2_03349C98
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032CFCE04_2_032CFCE0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_03337CE84_2_03337CE8
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_0337ACEB4_2_0337ACEB
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_032C8CDF4_2_032C8CDF
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_035CF0184_2_035CF018
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_035C038E4_2_035C038E
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_035CCAE84_2_035CCAE8
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_035CCA8A4_2_035CCA8A
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_035CD8584_2_035CD858
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_035CE7EC4_2_035CE7EC
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_035D552D4_2_035D552D
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_035CE4564_2_035CE456
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 4_2_035D54BD4_2_035D54BD
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: String function: 0329B910 appears 268 times
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: String function: 032F7BE4 appears 96 times
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: String function: 032E5050 appears 36 times
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: String function: 0332EF10 appears 105 times
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: String function: 0331E692 appears 82 times
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: String function: 016E7BE4 appears 88 times
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: String function: 0168B910 appears 266 times
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: String function: 0171EF10 appears 105 times
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: String function: 016D5050 appears 36 times
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: String function: 0170E692 appears 79 times
            Source: ORIGINAL INVOICE COAU7230734293.exe, 00000000.00000000.178053213809.000000000079E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameQmBB.exe@ vs ORIGINAL INVOICE COAU7230734293.exe
            Source: ORIGINAL INVOICE COAU7230734293.exe, 00000000.00000002.178186045219.00000000071F0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs ORIGINAL INVOICE COAU7230734293.exe
            Source: ORIGINAL INVOICE COAU7230734293.exe, 00000000.00000002.178179990818.0000000000D6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs ORIGINAL INVOICE COAU7230734293.exe
            Source: ORIGINAL INVOICE COAU7230734293.exe, 00000002.00000002.178540116469.000000000178D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs ORIGINAL INVOICE COAU7230734293.exe
            Source: ORIGINAL INVOICE COAU7230734293.exe, 00000002.00000002.178539692595.0000000001217000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRpcPing.exej% vs ORIGINAL INVOICE COAU7230734293.exe
            Source: ORIGINAL INVOICE COAU7230734293.exeBinary or memory string: OriginalFilenameQmBB.exe@ vs ORIGINAL INVOICE COAU7230734293.exe
            Source: ORIGINAL INVOICE COAU7230734293.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 2.2.ORIGINAL INVOICE COAU7230734293.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 2.2.ORIGINAL INVOICE COAU7230734293.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.178539531336.00000000011B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.180095014351.0000000003140000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.180094934887.00000000030F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: ORIGINAL INVOICE COAU7230734293.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.478f650.0.raw.unpack, blowsbhRT5ImjFslmA.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.71f0000.4.raw.unpack, ogP5rAPiEpGPhloLbo.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.71f0000.4.raw.unpack, ogP5rAPiEpGPhloLbo.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.71f0000.4.raw.unpack, ogP5rAPiEpGPhloLbo.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.478f650.0.raw.unpack, ogP5rAPiEpGPhloLbo.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.478f650.0.raw.unpack, ogP5rAPiEpGPhloLbo.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.478f650.0.raw.unpack, ogP5rAPiEpGPhloLbo.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.4817070.2.raw.unpack, blowsbhRT5ImjFslmA.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.4817070.2.raw.unpack, ogP5rAPiEpGPhloLbo.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.4817070.2.raw.unpack, ogP5rAPiEpGPhloLbo.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.4817070.2.raw.unpack, ogP5rAPiEpGPhloLbo.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.71f0000.4.raw.unpack, blowsbhRT5ImjFslmA.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engineClassification label: mal100.troj.evad.winEXE@5/1@0/0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ORIGINAL INVOICE COAU7230734293.exe.log
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeMutant created: NULL
            Source: ORIGINAL INVOICE COAU7230734293.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: ORIGINAL INVOICE COAU7230734293.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: ORIGINAL INVOICE COAU7230734293.exeVirustotal: Detection: 47%
            Source: ORIGINAL INVOICE COAU7230734293.exeReversingLabs: Detection: 57%
            Source: unknownProcess created: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe"
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeProcess created: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe"
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeProcess created: C:\Windows\SysWOW64\RpcPing.exe "C:\Windows\SysWOW64\RpcPing.exe"
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: edgegdi.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: dwrite.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: edgegdi.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: credui.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: edgegdi.dll
            Source: C:\Windows\explorer.exe Section loaded: fhcfg.dll
            Source: C:\Windows\explorer.exe Section loaded: efsutil.dll
            Source: C:\Windows\explorer.exe Section loaded: mpr.dll
            Source: C:\Windows\explorer.exe Section loaded: dsrole.dll
            Source: C:\Windows\explorer.exe Section loaded: windows.internal.system.userprofile.dll
            Source: C:\Windows\explorer.exe Section loaded: cloudexperiencehostbroker.dll
            Source: C:\Windows\explorer.exe Section loaded: vcruntime140_1.dll
            Source: C:\Windows\explorer.exe Section loaded: vcruntime140.dll
            Source: C:\Windows\explorer.exe Section loaded: msvcp140.dll
            Source: C:\Windows\explorer.exe Section loaded: mfsrcsnk.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: ORIGINAL INVOICE COAU7230734293.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: ORIGINAL INVOICE COAU7230734293.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: ORIGINAL INVOICE COAU7230734293.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: QmBB.pdbSHA256H source: ORIGINAL INVOICE COAU7230734293.exe
            Source: Binary string: QmBB.pdb source: ORIGINAL INVOICE COAU7230734293.exe
            Source: Binary string: wntdll.pdbUGP source: ORIGINAL INVOICE COAU7230734293.exe, 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.178545237233.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.178548545707.00000000030C4000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: RPCPing.pdbGCTL source: ORIGINAL INVOICE COAU7230734293.exe, 00000002.00000002.178539692595.0000000001217000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: ORIGINAL INVOICE COAU7230734293.exe, ORIGINAL INVOICE COAU7230734293.exe, 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, RpcPing.exe, 00000004.00000003.178545237233.0000000002F1B000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.178548545707.00000000030C4000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: RPCPing.pdb source: ORIGINAL INVOICE COAU7230734293.exe, 00000002.00000002.178539692595.0000000001217000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.4817070.2.raw.unpack, ogP5rAPiEpGPhloLbo.cs.Net Code: vTQC5VobJS System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.3d41ea0.3.raw.unpack, MainForm.cs.Net Code: _200E_200C_200B_202B_202E_200E_200E_202D_200B_206C_202C_202B_200B_200F_200E_206F_206C_202C_202D_200E_206E_206E_200C_206D_202C_200B_200E_202B_200B_206A_202E_206A_202E_206E_206E_206A_206C_206A_206F_202E_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.7820000.5.raw.unpack, MainForm.cs.Net Code: _200E_200C_200B_202B_202E_200E_200E_202D_200B_206C_202C_202B_200B_200F_200E_206F_206C_202C_202D_200E_206E_206E_200C_206D_202C_200B_200E_202B_200B_206A_202E_206A_202E_206E_206E_206A_206C_206A_206F_202E_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.478f650.0.raw.unpack, ogP5rAPiEpGPhloLbo.cs.Net Code: vTQC5VobJS System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.71f0000.4.raw.unpack, ogP5rAPiEpGPhloLbo.cs.Net Code: vTQC5VobJS System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.3d29c80.1.raw.unpack, MainForm.cs.Net Code: _200E_200C_200B_202B_202E_200E_200E_202D_200B_206C_202C_202B_200B_200F_200E_206F_206C_202C_202D_200E_206E_206E_200C_206D_202C_200B_200E_202B_200B_206A_202E_206A_202E_206E_206E_206A_206C_206A_206F_202E_202E System.Reflection.Assembly.Load(byte[])
            Source: ORIGINAL INVOICE COAU7230734293.exe Static PE information: 0xE3D84D29 [Sun Feb 18 02:19:21 2091 UTC]
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Code function: 0_2_06E7EBC2 push esp; iretd 0_2_06E7EBC5
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Code function: 2_2_0040D0CA push edi; ret 2_2_0040D0CC
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Code function: 2_2_00416166 pushfd ; iretd 2_2_004161E5
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Code function: 2_2_00417984 push esp; iretd 2_2_0041798A
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Code function: 2_2_00413B46 push eax; iretd 2_2_00413B71
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Code function: 2_2_00413B62 push eax; iretd 2_2_00413B71
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Code function: 2_2_00408307 push ds; iretd 2_2_00408309
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Code function: 2_2_00403330 push eax; ret 2_2_00403332
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Code function: 2_2_00415C40 push ebx; ret 2_2_00415C6A
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Code function: 2_2_00415C43 push ebx; ret 2_2_00415C6A
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Code function: 2_2_00404D23 push esi; retf 2_2_00404D24
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Code function: 2_2_00417FD0 push esp; ret 2_2_00417FD1
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Code function: 2_2_004187E8 push ebx; ret 2_2_004187E9
            Source: C:\Windows\SysWOW64\RpcPing.exe Code function: 4_2_035D0B3B push 43BCF294h; retf 4_2_035D0B63
            Source: C:\Windows\SysWOW64\RpcPing.exe Code function: 4_2_035CD3C1 push ebx; retf 4_2_035CD3C2
            Source: C:\Windows\SysWOW64\RpcPing.exe Code function: 4_2_035CD2D5 push cs; iretd 4_2_035CD301
            Source: C:\Windows\SysWOW64\RpcPing.exe Code function: 4_2_035C5173 pushad ; iretd 4_2_035C5174
            Source: C:\Windows\SysWOW64\RpcPing.exe Code function: 4_2_035D51D2 push eax; ret 4_2_035D51D4
            Source: C:\Windows\SysWOW64\RpcPing.exe Code function: 4_2_035CB858 push ds; retf 4_2_035CB859
            Source: C:\Windows\SysWOW64\RpcPing.exe Code function: 4_2_035C5F4E push esi; iretd 4_2_035C5F56
            Source: C:\Windows\SysWOW64\RpcPing.exe Code function: 4_2_035C47AF push ebx; iretd 4_2_035C47DB
            Source: C:\Windows\SysWOW64\RpcPing.exe Code function: 4_2_035C462F pushfd ; ret 4_2_035C4644
            Source: C:\Windows\SysWOW64\RpcPing.exe Code function: 4_2_035C5ECC push cs; iretd 4_2_035C5ED4
            Source: C:\Windows\SysWOW64\RpcPing.exe Code function: 4_2_035C1C73 push eax; iretd 4_2_035C1C74
            Source: ORIGINAL INVOICE COAU7230734293.exe Static PE information: section name: .text entropy: 7.704474646443921
            Source: 0.2.ORIGINAL INVOICE COAU7230734293.exe.4817070.2.raw.unpack, EnU8sfvnNd79P1XCuf.csHigh entropy of concatenated method names: 'SCZi8P0kTQ', 'noRiM4OHWJ', 'yJMiZr2kmc', 'QSOiy5Hh7c', 'aFsirU872b', 'skyilSX0Oq', 'Next', 'Next', 'Next', 'NextBytes'
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\RpcPing.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: ORIGINAL INVOICE COAU7230734293.exe PID: 5096, type: MEMORYSTR
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe API/Special instruction interceptor: Address: 7FF90770D144
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe API/Special instruction interceptor: Address: 7FF907710594
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe API/Special instruction interceptor: Address: 7FF90770FF74
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe API/Special instruction interceptor: Address: 7FF90770D6C4
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe API/Special instruction interceptor: Address: 7FF90770D864
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe API/Special instruction interceptor: Address: 7FF90770D004
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF90770D144
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF907710594
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF90770D764
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF90770D324
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF90770D364
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF90770D004
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF90770FF74
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF90770D6C4
            Source: C:\Windows\SysWOW64\RpcPing.exe API/Special instruction interceptor: Address: 7FF90770D864
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Memory allocated: 2AA0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Memory allocated: 2D00000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Memory allocated: 2B20000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Memory allocated: 7980000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Memory allocated: 8980000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Memory allocated: 8B30000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Memory allocated: 9B30000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Memory allocated: 9E80000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Memory allocated: AE80000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Memory allocated: BE80000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Code function: 2_2_016D1763 rdtsc 2_2_016D1763
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\RpcPing.exe Window / User API: threadDelayed 9852
            Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 894
            Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 865
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe API coverage: 1.0 %
            Source: C:\Windows\SysWOW64\RpcPing.exe API coverage: 1.1 %
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe TID: 5716 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\RpcPing.exe TID: 2552 Thread sleep count: 122 > 30
            Source: C:\Windows\SysWOW64\RpcPing.exe TID: 2552 Thread sleep time: -244000s >= -30000s
            Source: C:\Windows\SysWOW64\RpcPing.exe TID: 2552 Thread sleep count: 9852 > 30
            Source: C:\Windows\SysWOW64\RpcPing.exe TID: 2552 Thread sleep time: -19704000s >= -30000s
            Source: C:\Windows\SysWOW64\RpcPing.exe Last function: Thread delayed
            Source: explorer.exe, 00000005.00000002.183150949902.000000000CBBB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180026117504.000000000CBBB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%; >
            Source: RpcPing.exe, 00000004.00000002.180094426559.0000000002CA2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll2(
            Source: explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: explorer.exe, 00000005.00000002.183151981871.000000000CDBE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000CDBE000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWd32.exe
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\RpcPing.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\RpcPing.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016D1763 rdtsc 2_2_016D1763
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_004172F3 LdrLoadDll,2_2_004172F3
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0172327E mov eax, dword ptr fs:[00000030h]2_2_0172327E
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0172327E mov eax, dword ptr fs:[00000030h]2_2_0172327E
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0172327E mov eax, dword ptr fs:[00000030h]2_2_0172327E
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0172327E mov eax, dword ptr fs:[00000030h]2_2_0172327E
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168B273 mov eax, dword ptr fs:[00000030h]2_2_0168B273
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168B273 mov eax, dword ptr fs:[00000030h]2_2_0168B273
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168B273 mov eax, dword ptr fs:[00000030h]2_2_0168B273
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016BF24A mov eax, dword ptr fs:[00000030h]2_2_016BF24A
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0174F247 mov eax, dword ptr fs:[00000030h]2_2_0174F247
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0175124C mov eax, dword ptr fs:[00000030h]2_2_0175124C
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0175124C mov eax, dword ptr fs:[00000030h]2_2_0175124C
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0175124C mov eax, dword ptr fs:[00000030h]2_2_0175124C
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0175124C mov eax, dword ptr fs:[00000030h]2_2_0175124C
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016CA22B mov eax, dword ptr fs:[00000030h]2_2_016CA22B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016CA22B mov eax, dword ptr fs:[00000030h]2_2_016CA22B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016CA22B mov eax, dword ptr fs:[00000030h]2_2_016CA22B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01710227 mov eax, dword ptr fs:[00000030h]2_2_01710227
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01710227 mov eax, dword ptr fs:[00000030h]2_2_01710227
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01710227 mov eax, dword ptr fs:[00000030h]2_2_01710227
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016B0230 mov ecx, dword ptr fs:[00000030h]2_2_016B0230
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0171B214 mov eax, dword ptr fs:[00000030h]2_2_0171B214
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0171B214 mov eax, dword ptr fs:[00000030h]2_2_0171B214
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168A200 mov eax, dword ptr fs:[00000030h]2_2_0168A200
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168821B mov eax, dword ptr fs:[00000030h]2_2_0168821B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168D2EC mov eax, dword ptr fs:[00000030h]2_2_0168D2EC
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168D2EC mov eax, dword ptr fs:[00000030h]2_2_0168D2EC
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016872E0 mov eax, dword ptr fs:[00000030h]2_2_016872E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169A2E0 mov eax, dword ptr fs:[00000030h]2_2_0169A2E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169A2E0 mov eax, dword ptr fs:[00000030h]2_2_0169A2E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169A2E0 mov eax, dword ptr fs:[00000030h]2_2_0169A2E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169A2E0 mov eax, dword ptr fs:[00000030h]2_2_0169A2E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169A2E0 mov eax, dword ptr fs:[00000030h]2_2_0169A2E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169A2E0 mov eax, dword ptr fs:[00000030h]2_2_0169A2E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016982E0 mov eax, dword ptr fs:[00000030h]2_2_016982E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016982E0 mov eax, dword ptr fs:[00000030h]2_2_016982E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016982E0 mov eax, dword ptr fs:[00000030h]2_2_016982E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016982E0 mov eax, dword ptr fs:[00000030h]2_2_016982E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A02F9 mov eax, dword ptr fs:[00000030h]2_2_016A02F9
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A02F9 mov eax, dword ptr fs:[00000030h]2_2_016A02F9
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A02F9 mov eax, dword ptr fs:[00000030h]2_2_016A02F9
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A02F9 mov eax, dword ptr fs:[00000030h]2_2_016A02F9
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A02F9 mov eax, dword ptr fs:[00000030h]2_2_016A02F9
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A02F9 mov eax, dword ptr fs:[00000030h]2_2_016A02F9
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A02F9 mov eax, dword ptr fs:[00000030h]2_2_016A02F9
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A02F9 mov eax, dword ptr fs:[00000030h]2_2_016A02F9
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016C32C0 mov eax, dword ptr fs:[00000030h]2_2_016C32C0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016C32C0 mov eax, dword ptr fs:[00000030h]2_2_016C32C0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016B32C5 mov eax, dword ptr fs:[00000030h]2_2_016B32C5
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_017632C9 mov eax, dword ptr fs:[00000030h]2_2_017632C9
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016B42AF mov eax, dword ptr fs:[00000030h]2_2_016B42AF
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016B42AF mov eax, dword ptr fs:[00000030h]2_2_016B42AF
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016892AF mov eax, dword ptr fs:[00000030h]2_2_016892AF
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0176B2BC mov eax, dword ptr fs:[00000030h]2_2_0176B2BC
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0176B2BC mov eax, dword ptr fs:[00000030h]2_2_0176B2BC
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0176B2BC mov eax, dword ptr fs:[00000030h]2_2_0176B2BC
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0176B2BC mov eax, dword ptr fs:[00000030h]2_2_0176B2BC
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168C2B0 mov ecx, dword ptr fs:[00000030h]2_2_0168C2B0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0174F2AE mov eax, dword ptr fs:[00000030h]2_2_0174F2AE
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_017592AB mov eax, dword ptr fs:[00000030h]2_2_017592AB
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0170E289 mov eax, dword ptr fs:[00000030h]2_2_0170E289
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01697290 mov eax, dword ptr fs:[00000030h]2_2_01697290
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01697290 mov eax, dword ptr fs:[00000030h]2_2_01697290
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01697290 mov eax, dword ptr fs:[00000030h]2_2_01697290
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016AC560 mov eax, dword ptr fs:[00000030h]2_2_016AC560
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169254C mov eax, dword ptr fs:[00000030h]2_2_0169254C
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0175A553 mov eax, dword ptr fs:[00000030h]2_2_0175A553
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0176B55F mov eax, dword ptr fs:[00000030h]2_2_0176B55F
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0176B55F mov eax, dword ptr fs:[00000030h]2_2_0176B55F
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016C6540 mov eax, dword ptr fs:[00000030h]2_2_016C6540
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016C8540 mov eax, dword ptr fs:[00000030h]2_2_016C8540
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016AE547 mov eax, dword ptr fs:[00000030h]2_2_016AE547
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A252B mov eax, dword ptr fs:[00000030h]2_2_016A252B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A252B mov eax, dword ptr fs:[00000030h]2_2_016A252B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A252B mov eax, dword ptr fs:[00000030h]2_2_016A252B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A252B mov eax, dword ptr fs:[00000030h]2_2_016A252B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A252B mov eax, dword ptr fs:[00000030h]2_2_016A252B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A252B mov eax, dword ptr fs:[00000030h]2_2_016A252B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A252B mov eax, dword ptr fs:[00000030h]2_2_016A252B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016C1527 mov eax, dword ptr fs:[00000030h]2_2_016C1527
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016CF523 mov eax, dword ptr fs:[00000030h]2_2_016CF523
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016D2539 mov eax, dword ptr fs:[00000030h]2_2_016D2539
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168753F mov eax, dword ptr fs:[00000030h]2_2_0168753F
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168753F mov eax, dword ptr fs:[00000030h]2_2_0168753F
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168753F mov eax, dword ptr fs:[00000030h]2_2_0168753F
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01693536 mov eax, dword ptr fs:[00000030h]2_2_01693536
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01693536 mov eax, dword ptr fs:[00000030h]2_2_01693536
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016CC50D mov eax, dword ptr fs:[00000030h]2_2_016CC50D
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016CC50D mov eax, dword ptr fs:[00000030h]2_2_016CC50D
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0173F51B mov eax, dword ptr fs:[00000030h]2_2_0173F51B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0173F51B mov eax, dword ptr fs:[00000030h]2_2_0173F51B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0173F51B mov eax, dword ptr fs:[00000030h]2_2_0173F51B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0173F51B mov eax, dword ptr fs:[00000030h]2_2_0173F51B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0173F51B mov eax, dword ptr fs:[00000030h]2_2_0173F51B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0173F51B mov eax, dword ptr fs:[00000030h]2_2_0173F51B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0173F51B mov ecx, dword ptr fs:[00000030h]2_2_0173F51B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0173F51B mov ecx, dword ptr fs:[00000030h]2_2_0173F51B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0173F51B mov eax, dword ptr fs:[00000030h]2_2_0173F51B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0173F51B mov eax, dword ptr fs:[00000030h]2_2_0173F51B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0173F51B mov eax, dword ptr fs:[00000030h]2_2_0173F51B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0173F51B mov eax, dword ptr fs:[00000030h]2_2_0173F51B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0173F51B mov eax, dword ptr fs:[00000030h]2_2_0173F51B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01692500 mov eax, dword ptr fs:[00000030h]2_2_01692500
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168B502 mov eax, dword ptr fs:[00000030h]2_2_0168B502
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0171C51D mov eax, dword ptr fs:[00000030h]2_2_0171C51D
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016BE507 mov eax, dword ptr fs:[00000030h]2_2_016BE507
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016BE507 mov eax, dword ptr fs:[00000030h]2_2_016BE507
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016BE507 mov eax, dword ptr fs:[00000030h]2_2_016BE507
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016BE507 mov eax, dword ptr fs:[00000030h]2_2_016BE507
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016BE507 mov eax, dword ptr fs:[00000030h]2_2_016BE507
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016BE507 mov eax, dword ptr fs:[00000030h]2_2_016BE507
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016BE507 mov eax, dword ptr fs:[00000030h]2_2_016BE507
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016BE507 mov eax, dword ptr fs:[00000030h]2_2_016BE507
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016B1514 mov eax, dword ptr fs:[00000030h]2_2_016B1514
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016B1514 mov eax, dword ptr fs:[00000030h]2_2_016B1514
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016B1514 mov eax, dword ptr fs:[00000030h]2_2_016B1514
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016B1514 mov eax, dword ptr fs:[00000030h]2_2_016B1514
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016B1514 mov eax, dword ptr fs:[00000030h]2_2_016B1514
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016B1514 mov eax, dword ptr fs:[00000030h]2_2_016B1514
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016C15EF mov eax, dword ptr fs:[00000030h]2_2_016C15EF
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169B5E0 mov eax, dword ptr fs:[00000030h]2_2_0169B5E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169B5E0 mov eax, dword ptr fs:[00000030h]2_2_0169B5E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169B5E0 mov eax, dword ptr fs:[00000030h]2_2_0169B5E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169B5E0 mov eax, dword ptr fs:[00000030h]2_2_0169B5E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169B5E0 mov eax, dword ptr fs:[00000030h]2_2_0169B5E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169B5E0 mov eax, dword ptr fs:[00000030h]2_2_0169B5E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016CA5E7 mov ebx, dword ptr fs:[00000030h]2_2_016CA5E7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016CA5E7 mov eax, dword ptr fs:[00000030h]2_2_016CA5E7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0171C5FC mov eax, dword ptr fs:[00000030h]2_2_0171C5FC
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016CC5C6 mov eax, dword ptr fs:[00000030h]2_2_016CC5C6
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168F5C7 mov eax, dword ptr fs:[00000030h]2_2_0168F5C7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168F5C7 mov eax, dword ptr fs:[00000030h]2_2_0168F5C7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168F5C7 mov eax, dword ptr fs:[00000030h]2_2_0168F5C7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168F5C7 mov eax, dword ptr fs:[00000030h]2_2_0168F5C7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168F5C7 mov eax, dword ptr fs:[00000030h]2_2_0168F5C7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168F5C7 mov eax, dword ptr fs:[00000030h]2_2_0168F5C7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168F5C7 mov eax, dword ptr fs:[00000030h]2_2_0168F5C7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168F5C7 mov eax, dword ptr fs:[00000030h]2_2_0168F5C7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168F5C7 mov eax, dword ptr fs:[00000030h]2_2_0168F5C7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_017105C6 mov eax, dword ptr fs:[00000030h]2_2_017105C6
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016C65D0 mov eax, dword ptr fs:[00000030h]2_2_016C65D0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016945B0 mov eax, dword ptr fs:[00000030h]2_2_016945B0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016945B0 mov eax, dword ptr fs:[00000030h]2_2_016945B0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_017185AA mov eax, dword ptr fs:[00000030h]2_2_017185AA
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0171C592 mov eax, dword ptr fs:[00000030h]2_2_0171C592
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016C9580 mov eax, dword ptr fs:[00000030h]2_2_016C9580
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016C9580 mov eax, dword ptr fs:[00000030h]2_2_016C9580
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016CA580 mov eax, dword ptr fs:[00000030h]2_2_016CA580
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016CA580 mov eax, dword ptr fs:[00000030h]2_2_016CA580
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0174F582 mov eax, dword ptr fs:[00000030h]2_2_0174F582
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0170E588 mov eax, dword ptr fs:[00000030h]2_2_0170E588
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0170E588 mov eax, dword ptr fs:[00000030h]2_2_0170E588
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016C2594 mov eax, dword ptr fs:[00000030h]2_2_016C2594
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0174F478 mov eax, dword ptr fs:[00000030h]2_2_0174F478
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0175A464 mov eax, dword ptr fs:[00000030h]2_2_0175A464
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01698470 mov eax, dword ptr fs:[00000030h]2_2_01698470
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01698470 mov eax, dword ptr fs:[00000030h]2_2_01698470
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A0445 mov eax, dword ptr fs:[00000030h]2_2_016A0445
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A0445 mov eax, dword ptr fs:[00000030h]2_2_016A0445
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A0445 mov eax, dword ptr fs:[00000030h]2_2_016A0445
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A0445 mov eax, dword ptr fs:[00000030h]2_2_016A0445
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A0445 mov eax, dword ptr fs:[00000030h]2_2_016A0445
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016A0445 mov eax, dword ptr fs:[00000030h]2_2_016A0445
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016BE45E mov eax, dword ptr fs:[00000030h]2_2_016BE45E
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016BE45E mov eax, dword ptr fs:[00000030h]2_2_016BE45E
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016BE45E mov eax, dword ptr fs:[00000030h]2_2_016BE45E
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016BE45E mov eax, dword ptr fs:[00000030h]2_2_016BE45E
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016BE45E mov eax, dword ptr fs:[00000030h]2_2_016BE45E
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016CD450 mov eax, dword ptr fs:[00000030h]2_2_016CD450
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016CD450 mov eax, dword ptr fs:[00000030h]2_2_016CD450
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169D454 mov eax, dword ptr fs:[00000030h]2_2_0169D454
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169D454 mov eax, dword ptr fs:[00000030h]2_2_0169D454
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169D454 mov eax, dword ptr fs:[00000030h]2_2_0169D454
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169D454 mov eax, dword ptr fs:[00000030h]2_2_0169D454
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169D454 mov eax, dword ptr fs:[00000030h]2_2_0169D454
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0169D454 mov eax, dword ptr fs:[00000030h]2_2_0169D454
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0168B420 mov eax, dword ptr fs:[00000030h]2_2_0168B420
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016C7425 mov eax, dword ptr fs:[00000030h]2_2_016C7425
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_016C7425 mov ecx, dword ptr fs:[00000030h]2_2_016C7425
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_01719429 mov eax, dword ptr fs:[00000030h]2_2_01719429
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0171F42F mov eax, dword ptr fs:[00000030h]2_2_0171F42F
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0171F42F mov eax, dword ptr fs:[00000030h]2_2_0171F42F
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0171F42F mov eax, dword ptr fs:[00000030h]2_2_0171F42F
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0171F42F mov eax, dword ptr fs:[00000030h]2_2_0171F42F
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exeCode function: 2_2_0171F42F mov eax, dword ptr fs:[00000030h]2_2_0171F42F
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtClose: Direct from: 0x7FF8D33E9E7F
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x4767F1D
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe NtClose: Indirect: 0x19BF629
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtResumeThread: Direct from: 0x476816B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe NtQueueApcThread: Indirect: 0x19BF598
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x476FC82
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe NtSuspendThread: Indirect: 0x19C3ADD
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe NtResumeThread: Indirect: 0x19C3DED
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x7FF9076C2651
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe NtSetContextThread: Indirect: 0x19C37CD
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Memory written: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Section loaded: NULL target: C:\Windows\SysWOW64\RpcPing.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Thread register set: target process: 7608
            Source: C:\Windows\SysWOW64\RpcPing.exe Thread register set: target process: 7608
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Process created: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe"
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Process created: C:\Windows\SysWOW64\RpcPing.exe "C:\Windows\SysWOW64\RpcPing.exe"
            Source: RAVCpl64.exe, 00000003.00000002.183140108800.0000000000DA0000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.178472841975.0000000000DA0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.180018185324.0000000000B81000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
            Source: RAVCpl64.exe, 00000003.00000002.183140108800.0000000000DA0000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.178472841975.0000000000DA0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.180020314207.00000000041C0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: RAVCpl64.exe, 00000003.00000002.183140108800.0000000000DA0000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.178472841975.0000000000DA0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.180017693905.0000000000573000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Progman
            Source: RAVCpl64.exe, 00000003.00000002.183140108800.0000000000DA0000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.178472841975.0000000000DA0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.180018185324.0000000000B81000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: explorer.exe, 00000005.00000003.180694225109.0000000002A1E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180018765273.0000000002A1E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.183140110315.0000000002A1E000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWndmQX#
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Queries volume information: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe VolumeInformation
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 2.2.ORIGINAL INVOICE COAU7230734293.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 2.2.ORIGINAL INVOICE COAU7230734293.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.178539531336.00000000011B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.180095014351.0000000003140000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.180094934887.00000000030F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            Source: Yara match File source: 2.2.ORIGINAL INVOICE COAU7230734293.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 2.2.ORIGINAL INVOICE COAU7230734293.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.178539531336.00000000011B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.180095014351.0000000003140000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.180094934887.00000000030F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 112 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
            Source | Detection | Scanner | Label | Link
            ORIGINAL INVOICE COAU7230734293.exe | 48% | Virustotal | | Browse
            ORIGINAL INVOICE COAU7230734293.exe | 58% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            No contacted domains info
            Name | Source | Malicious | Antivirus Detection | Reputation
                              unknown
                              https://assets.msn.com/weathermapdata/1/static/weather/Icons/taskbar_v10/explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalseunknown
                              https://excel.office.comexplorer.exe, 00000005.00000002.183150949902.000000000CBBB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180026117504.000000000CBBB000.00000004.00000001.00020000.00000000.sdmpfalseunknown
                              https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Stock_Inexplorer.exe, 00000005.00000000.180021816351.0000000008DDA000.00000004.00000001.00020000.00000000.sdmpfalseunknown
                              https://www.msn.com/en-us/channel/source/AZ%20Animals%20US/sr-vid-7etr9q8xun6k6508c3nufaum0de3dqktiqexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalseunknown
                              https://www.msn.com/en-us/weather/hourlyforecast/in-Miami%2CFlorida?loc=eyJsIjoiTWlhbWkiLCJyIjoiRmxvexplorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                unknown
                                http://schemas.microexplorer.exe, 00000005.00000002.183147375227.0000000009450000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.180018627893.00000000029E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.180024198807.000000000A030000.00000002.00000001.00040000.00000000.sdmpfalse
                                  unknown
                                  https://powerpoint.office.comEMexplorer.exe, 00000005.00000000.180028656269.000000000D1F5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.183153717616.000000000D1F5000.00000004.00000001.00020000.00000000.sdmpfalse
                                    unknown
                                    https://www.msn.com/en-us/news/crime/dick-van-dyke-forever-young/ar-AA1lDpRDexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                      unknown
                                      https://www.msn.com/en-us/news/us/sen-tuberville-blocks-promotion-of-lloyd-austin-s-top-military-aidexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                        unknown
                                        https://www.msn.com/en-us/sports/nba/don-t-know-what-to-say-phil-jackson-on-pau-gasol-and-matt-barneexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                          unknown
                                          https://www.msn.com/en-us/news/politics/jd-vance-spreads-outrageous-lie-about-haiexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                            unknown
                                            https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gFtr-darkexplorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalseunknown
                                            https://windows.msn.com:443/shell?osLocale=en-US&chosenMarketReason=ImplicitNewexplorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalseunknown
                                            https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhbexplorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalseunknown
                                            https://www.msn.com/en-us/weather/forecast/in-Miami%2CFlorida?loc=eyJsIjoiTWlhbWkiLCJyIjoiRmxvcmlkYSexplorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                              unknown
                                              https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13pwi3explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalseunknown
                                              https://www.msn.com/en-us/news/us/trump-repeats-false-claims-that-children-are-undergoing-transgendeexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                unknown
                                                https://api.msn.com/v1/news/Feed/Windows?activityId=30839BE1E99742A69F7CECEEBE3BA9D0&timeOut=5000&ocexplorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  unknown
                                                  https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/MostlySunnyDay.svgexplorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    unknown
                                                    https://www.msn.com/en-us/money/savingandinvesting/rich-young-americans-are-ditching-the-stormy-stocexplorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      unknown
                                                      https://excel.office.comrlexplorer.exe, 00000005.00000002.183153717616.000000000D2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.180691575617.000000000D2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180028656269.000000000D2A7000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        unknown
                                                        https://ntp.msn.com/edge/ntp?cm=en-us&ocid=widgetonlockscreenwin10&cvid=22fac781-5ff2-4c5e-9dca-d6b3explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          unknown
                                                          https://assets.msn.com/weathermapdata/1/explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            unknown
                                                            https://www.msn.com/en-us/money/retirement/middle-aged-americans-are-leaving-work-for-months-years-texplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                              unknown
                                                              https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/20240908.1/Weather/W02_Mostexplorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                unknown
                                                                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13pwi3-darkexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  unknown
                                                                  https://www.msn.com/en-us/health/other/the-5-carbs-you-should-be-eating-for-insulin-resistance-accorexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    https://www.msn.com/en-us/sports/nba/the-really-challenging-ones-were-heavy-and-mechanical-hakeem-olexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://www.msn.com/en-us/health/other/vacuum-sealing-certain-foods-could-make-you-sick-here-are-7-texplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fgwmexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          https://windows.msn.com:443/shellv2?osLocale=en-US&chosenMarketReason=ImplicitNewexplorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gD5mexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://www.msn.com/en-us/money/technology/new-tandem-solar-cells-break-efficiency-record-they-couldexplorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                https://www.msn.com/en-us/tv/news/the-bold-the-beautiful-young-and-the-restless-more-get-premiere-daexplorer.exe, 00000005.00000002.183144624425.0000000008D7C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  https://www.msn.com/en-us/money/realestate/tour-of-original-1949-frank-lloyd-wright-home-in-michiganexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://stacker.com/lifestyle/truth-behind-5-unconventional-self-care-rituals-have-gone-viral-tiktokexplorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://www.msn.com/en-us/movies/news/all-37-new-movies-dropping-on-netflix-today/ss-AA1rxnU9explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        https://www.msn.com/en-us/travel/news/global-entry-vs-tsa-precheck-which-prescreen-will-get-you-throexplorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://aka.ms/odirmBexplorer.exe, 00000005.00000000.180022424107.0000000008FBA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.183145776732.0000000008FBA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            https://www.msn.com/en-us/news/technology/spacex-set-to-launch-billionaire-s-private-crew-on-breakthexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://www.msn.com/en-us/foodanddrink/foodnews/happy-national-taco-day-here-are-the-best-deals-for-explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://powerpoint.office.comexplorer.exe, 00000005.00000002.183150949902.000000000CBBB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180026117504.000000000CBBB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fgwm-darkexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    http://www.foreca.comexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://outlook.comexplorer.exe, 00000005.00000002.183150949902.000000000CBBB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.183153717616.000000000D2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.180691575617.000000000D2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180028656269.000000000D2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180026117504.000000000CBBB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://www.msn.com/en-us/news/us/a-record-breaking-bass-has-been-caught-in-a-texas-lake/ss-AA1qf3tzexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://www.msn.com/en-us/news/politics/6-things-to-watch-for-when-kamala-harris-debates-donald-trumexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://www.msn.com/en-us/news/crime/dick-van-dyke-forever-youexplorer.exe, 00000005.00000002.183144984959.0000000008DDA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180021816351.0000000008DDA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://www.msn.com/en-us/news/crime/tyreek-hill-s-traffic-stop-shows-interactions-with-police-can-bexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://api.msn.com/(explorer.exe, 00000005.00000000.180026117504.000000000CBF0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.183150949902.000000000CBF0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://www.delish.com/cooking/best-road-trip-snacks/explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://assets.msn.com/weathermapdata/1/static/finance/taskbar/icons/index/svg/light/greenup.svgexplorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gFtrexplorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        https://api.msn.com/v1/news/Feed/Windows?$explorer.exe, 00000005.00000002.183150949902.000000000CBAD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180026117504.000000000CBAD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/MostlySunnyDay.pngexplorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://stacker.com/storiesexplorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gD5m-darkexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  https://word.office.comA3explorer.exe, 00000005.00000002.183153717616.000000000D2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.180691575617.000000000D2A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180028656269.000000000D2A7000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    https://www.msn.com/en-us/weather/topstories/tropical-storm-francine-spaghetti-models-show-3-states-explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      https://www.msn.com/en-us/foodanddrink/cookingschool/for-the-best-grilled-clams-avoid-this-fatal-misexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://www.delish.com/food-news/net-worth-guy-fieri/explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-darkexplorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            https://assets.msn.com/weathermapdata/1/static/finance/taskbar/icons/index/svg/light/reddown.svgexplorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              https://www.msn.com/en-us/money/personalfinance/colorado-legally-requires-businesses-to-accept-cash-explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                https://www.msn.com/en-us/money/savingandinvesting/it-s-not-taxed-at-all-warren-buffett-shared-the-bexplorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
https://www.msn.com/en-us/travel/news/scientists-finally-solve-mystery-behind-bermuda-triangle-disap
explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmp
false
unknown

https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb-dark
explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp
false
unknown

https://www.msn.com/en-us/news/technology/nvidia-hopes-lightning-will-strike-twice-as-it-aims-to-cor
explorer.exe, 00000005.00000002.183151981871.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.180027171198.000000000D0DE000.00000004.00000001.00020000.00000000.sdmp
false
unknown

https://www.msn.com/en-us/news/world/gaza-authorities-say-deadly-blasts-hit-humanitarian-zone/ar-AA1
explorer.exe, 00000005.00000000.180021627347.0000000008D88000.00000004.00000001.00020000.00000000.sdmp
false
unknown
                                                                                                                                                          No contacted IP infos
                                                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                          Analysis ID:1523776
                                                                                                                                                          Start date and time:2024-10-02 02:10:20 +02:00
                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                          Overall analysis duration:0h 17m 48s
                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                          Report type:full
                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                          Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                                                                                          Run name:Suspected Instruction Hammering
                                                                                                                                                          Number of analysed new started processes analysed:4
                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                          Number of injected processes analysed:2
                                                                                                                                                          Technologies:
                                                                                                                                                          • HCA enabled
                                                                                                                                                          • EGA enabled
                                                                                                                                                          • AMSI enabled
                                                                                                                                                          Analysis Mode:default
                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                          Sample name:ORIGINAL INVOICE COAU7230734293.exe
                                                                                                                                                          Detection:MAL
                                                                                                                                                          Classification:mal100.troj.evad.winEXE@5/1@0/0
                                                                                                                                                          EGA Information:
                                                                                                                                                          • Successful, ratio: 75%
                                                                                                                                                          HCA Information:
                                                                                                                                                          • Successful, ratio: 97%
                                                                                                                                                          • Number of executed functions: 73
                                                                                                                                                          • Number of non-executed functions: 253
                                                                                                                                                          Cookbook Comments:
                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                          • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                          • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
Time      Type             Description
20:13:54  API Interceptor  11509271x Sleep call for process: RpcPing.exe modified
20:18:33  API Interceptor  192x Sleep call for process: explorer.exe modified
                                                                                                                                                          No context
                                                                                                                                                          Process:C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe
                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):1216
                                                                                                                                                          Entropy (8bit):5.354384827676232
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24:MLUE4K5E4K1Bs1qE4qXKDE4KhKMaKhPKIE4oKnKoZAE4KzD1E4x84j:MIHK5HK1Bs1qHiYHKh6oPtHoAhAHKzhp
                                                                                                                                                          MD5:511475387A5161D4052316C38F7FF282
                                                                                                                                                          SHA1:2CE71F7A372D6965DD42B71EEC5E8F81D43343B3
                                                                                                                                                          SHA-256:AD084A10414740C5054EDBCF76007E75F9E7456D3C7C5DA8865F0ECD491A6E61
                                                                                                                                                          SHA-512:E60E0218C46DF20260D81B7A1FBD69BF019C54E36A8ACDB74ADAB91A90BD8960ECC8E16F3872851119DA05E72787433DD3C54E099F9E6526342E05C38D5364C7
                                                                                                                                                          Malicious:true
                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\827465c25133ff582ff7ddaf85635407\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\374ae62ebbde44ef97c7e898f1fdb21b\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b863adc9d550931e279ac7e2ee517d1f\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\10879c5bddb2dd2399e2098d
                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Entropy (8bit):7.696500442057931
                                                                                                                                                          TrID:
                                                                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                          • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                          File name:ORIGINAL INVOICE COAU7230734293.exe
                                                                                                                                                          File size:831'488 bytes
                                                                                                                                                          MD5:f6c2a4c4d05e7b76e17a5a7a191ddeb1
                                                                                                                                                          SHA1:0d93776c5acfa7bb9a2ed5bc3ca46e0a525fa6bd
                                                                                                                                                          SHA256:ece8d193afdcc6ec2c024e2441f7c0ce25801143573cacf71cf059de9a337275
                                                                                                                                                          SHA512:4cbef24da9a5eba79c703a8cd56eb5eecd8bc991e069ed6cbf3ad7c592d672ead393a5d4b17ace2a99289ad4e00f3b94a0e534e7d857a26909c158a7f45fbc0a
                                                                                                                                                          SSDEEP:12288:y1ZF8KZ3TwTg2gICk97UnmB218KAObF1idB8G5rmzZ89sFYSopnLsDloQLXoW:yyvnjUn78rOBe8rz+yMsDxLY
                                                                                                                                                          TLSH:C505D0C03B69B719DE794A349479DDB492B42D287010FAEB5ED93B877A6D3009E0CF42
                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...)M................0.................. ........@.. ....................... ............@................................
                                                                                                                                                          Icon Hash:90cececece8e8eb0
                                                                                                                                                          Entrypoint:0x4cc31e
                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                          Digitally signed:false
                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                          Time Stamp:0xE3D84D29 [Sun Feb 18 02:19:21 2091 UTC]
                                                                                                                                                          TLS Callbacks:
                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                          OS Version Major:4
                                                                                                                                                          OS Version Minor:0
                                                                                                                                                          File Version Major:4
                                                                                                                                                          File Version Minor:0
                                                                                                                                                          Subsystem Version Major:4
                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                          Instruction
                                                                                                                                                          jmp dword ptr [00402000h]
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xcc2cb | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xce000 | 0x62c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd0000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc83d8 | 0x70 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xca324 | 0xca400 | b270f1cbb62471115903d19574698064 | False | 0.8667094792954264 | data | 7.704474646443921 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xce000 | 0x62c | 0x800 | 69c14c6dc50891499a9f90e2ab27e2c6 | False | 0.33837890625 | data | 3.478934283182731 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xd0000 | 0xc | 0x200 | bac83a209f21ea361730809897c7356e | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0xce090 | 0x39c | data | | | 0.41883116883116883 |
| RT_MANIFEST | 0xce43c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |
                                                                                                                                                          No network behavior found

                                                                                                                                                          Target ID:0
                                                                                                                                                          Start time:20:12:29
                                                                                                                                                          Start date:01/10/2024
                                                                                                                                                          Path:C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:"C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe"
                                                                                                                                                          Imagebase:0x6d0000
                                                                                                                                                          File size:831'488 bytes
                                                                                                                                                          MD5 hash:F6C2A4C4D05E7B76E17A5A7A191DDEB1
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:low
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:2
                                                                                                                                                          Start time:20:12:41
                                                                                                                                                          Start date:01/10/2024
                                                                                                                                                          Path:C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:"C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734293.exe"
                                                                                                                                                          Imagebase:0xaf0000
                                                                                                                                                          File size:831'488 bytes
                                                                                                                                                          MD5 hash:F6C2A4C4D05E7B76E17A5A7A191DDEB1
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.178539531336.00000000011B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.178539531336.00000000011B0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                          Reputation:low
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:3
                                                                                                                                                          Start time:20:13:11
                                                                                                                                                          Start date:01/10/2024
                                                                                                                                                          Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                                                                                                                          Imagebase:0x140000000
                                                                                                                                                          File size:16'696'840 bytes
                                                                                                                                                          MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:moderate
                                                                                                                                                          Has exited:false

                                                                                                                                                          Target ID:4
                                                                                                                                                          Start time:20:13:11
                                                                                                                                                          Start date:01/10/2024
                                                                                                                                                          Path:C:\Windows\SysWOW64\RpcPing.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:"C:\Windows\SysWOW64\RpcPing.exe"
                                                                                                                                                          Imagebase:0xbe0000
                                                                                                                                                          File size:26'624 bytes
                                                                                                                                                          MD5 hash:F7DD5764D96A988F0CF9DD4813751473
                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.180095014351.0000000003140000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.180095014351.0000000003140000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.180094934887.00000000030F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.180094934887.00000000030F0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                          Reputation:low
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:5
                                                                                                                                                          Start time:20:15:45
                                                                                                                                                          Start date:01/10/2024
                                                                                                                                                          Path:C:\Windows\explorer.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                          Imagebase:0x7ff79d2d0000
                                                                                                                                                          File size:4'849'904 bytes
                                                                                                                                                          MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high
                                                                                                                                                          Has exited:false

                                                                                                                                                            Execution Graph

                                                                                                                                                            Execution Coverage:10.4%
                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                            Signature Coverage:3.4%
                                                                                                                                                            Total number of Nodes:349
                                                                                                                                                            Total number of Limit Nodes:17
38608->38596 38610 6e7b2de Wow64SetThreadContext 38609->38610 38612 6e7b365 38610->38612 38612->38596 38614 6e7b476 WriteProcessMemory 38613->38614 38616 6e7b50f 38614->38616 38616->38509 38618 6e7b476 WriteProcessMemory 38617->38618 38620 6e7b50f 38618->38620 38620->38509 38622 6e7b22e ResumeThread 38621->38622 38624 6e7b299 38622->38624 38624->38542 38626 6e7b22e ResumeThread 38625->38626 38628 6e7b299 38626->38628 38628->38542 38630 6e7b5ab ReadProcessMemory 38629->38630 38632 6e7b5ef 38630->38632 38632->38566 38634 6e7b5ab ReadProcessMemory 38633->38634 38636 6e7b5ef 38634->38636 38636->38566 38637 52ca740 38638 52ca750 38637->38638 38639 52c70d0 2 API calls 38638->38639 38640 52ca75f 38639->38640 38643 52c1e90 38644 52c1ef8 CreateWindowExW 38643->38644 38646 52c1fb4 38644->38646 38646->38646 38647 2a1d01c 38648 2a1d034 38647->38648 38649 2a1d08e 38648->38649 38654 52c0c6c 38648->38654 38663 52c2da8 38648->38663 38672 52c2048 38648->38672 38676 52c2038 38648->38676 38656 52c0c77 38654->38656 38655 52c2e19 38696 52c0d94 38655->38696 38656->38655 38658 52c2e09 38656->38658 38680 52c300c 38658->38680 38686 52c2f32 38658->38686 38691 52c2f40 38658->38691 38659 52c2e17 38659->38659 38666 52c2de5 38663->38666 38664 52c2e19 38665 52c0d94 CallWindowProcW 38664->38665 38668 52c2e17 38665->38668 38666->38664 38667 52c2e09 38666->38667 38669 52c300c CallWindowProcW 38667->38669 38670 52c2f40 CallWindowProcW 38667->38670 38671 52c2f32 CallWindowProcW 38667->38671 38668->38668 38669->38668 38670->38668 38671->38668 38673 52c206e 38672->38673 38674 52c0c6c CallWindowProcW 38673->38674 38675 52c208f 38674->38675 38675->38649 38677 52c206e 38676->38677 38678 52c0c6c CallWindowProcW 38677->38678 38679 52c208f 38678->38679 38679->38649 38681 52c301a 38680->38681 38682 52c2fca 38680->38682 38700 52c2fe8 38682->38700 38703 52c2ff8 38682->38703 38683 52c2fe0 38683->38659 38688 52c2f54 38686->38688 38687 52c2fe0 38687->38659 38689 52c2fe8 CallWindowProcW 38688->38689 38690 52c2ff8 
CallWindowProcW 38688->38690 38689->38687 38690->38687 38693 52c2f54 38691->38693 38692 52c2fe0 38692->38659 38694 52c2fe8 CallWindowProcW 38693->38694 38695 52c2ff8 CallWindowProcW 38693->38695 38694->38692 38695->38692 38697 52c0d9f 38696->38697 38698 52c44fa CallWindowProcW 38697->38698 38699 52c44a9 38697->38699 38698->38699 38699->38659 38701 52c3009 38700->38701 38706 52c443a 38700->38706 38701->38683 38704 52c3009 38703->38704 38705 52c443a CallWindowProcW 38703->38705 38704->38683 38705->38704 38707 52c0d94 CallWindowProcW 38706->38707 38708 52c444a 38707->38708 38708->38701 38275 2ae4960 38276 2ae4972 38275->38276 38279 2ae497e 38276->38279 38281 2ae4a70 38276->38281 38278 2ae499d 38286 2ae44fc 38279->38286 38282 2ae4a95 38281->38282 38290 2ae4b80 38282->38290 38294 2ae4b71 38282->38294 38287 2ae4507 38286->38287 38302 2ae608c 38287->38302 38289 2ae753f 38289->38278 38291 2ae4ba7 38290->38291 38292 2ae4c84 38291->38292 38298 2ae480c 38291->38298 38296 2ae4ba7 38294->38296 38295 2ae4c84 38295->38295 38296->38295 38297 2ae480c CreateActCtxA 38296->38297 38297->38295 38299 2ae5c10 CreateActCtxA 38298->38299 38301 2ae5cd3 38299->38301 38303 2ae6097 38302->38303 38306 2ae60dc 38303->38306 38305 2ae76d5 38305->38289 38307 2ae60e7 38306->38307 38310 2ae610c 38307->38310 38309 2ae77ba 38309->38305 38311 2ae6117 38310->38311 38314 2ae613c 38311->38314 38313 2ae78ad 38313->38309 38315 2ae6147 38314->38315 38322 2ae857c 38315->38322 38317 2ae8928 38319 2ae8b13 38317->38319 38326 2aeb280 38317->38326 38318 2ae8b51 38318->38313 38319->38318 38330 2aed361 38319->38330 38323 2ae8587 38322->38323 38325 2ae9dc9 38323->38325 38335 2ae87c4 38323->38335 38325->38317 38339 2aeb2b8 38326->38339 38342 2aeb2a7 38326->38342 38327 2aeb296 38327->38319 38331 2aed391 38330->38331 38332 2aed3b5 38331->38332 38351 2aed50f 38331->38351 38355 2aed520 38331->38355 38332->38318 38336 2ae9f28 FindWindowW 38335->38336 38338 2ae9fad 38336->38338 38338->38325 38346 2aeb3a1 38339->38346 38340 
2aeb2c7 38340->38327 38343 2aeb2b8 38342->38343 38345 2aeb3a1 GetModuleHandleW 38343->38345 38344 2aeb2c7 38344->38327 38345->38344 38347 2aeb3e4 38346->38347 38348 2aeb3c1 38346->38348 38347->38340 38348->38347 38349 2aeb5e8 GetModuleHandleW 38348->38349 38350 2aeb615 38349->38350 38350->38340 38353 2aed52d 38351->38353 38352 2aed567 38352->38332 38353->38352 38359 2aece58 38353->38359 38357 2aed52d 38355->38357 38356 2aed567 38356->38332 38357->38356 38358 2aece58 2 API calls 38357->38358 38358->38356 38360 2aece63 38359->38360 38362 2aede78 38360->38362 38363 2aecf84 38360->38363 38362->38362 38364 2aecf8f 38363->38364 38365 2ae613c 2 API calls 38364->38365 38366 2aedee7 38365->38366 38366->38362 38641 2aed880 DuplicateHandle 38642 2aed916 38641->38642
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: c19c79b55312007b2e0d3175737688667a21262504c240f589fc1ed39146b593
                                                                                                                                                            • Instruction ID: 20784a6224154f558a28ed042e472f31b164dfe62fa7bc2a87d275a50c910364
                                                                                                                                                            • Opcode Fuzzy Hash: c19c79b55312007b2e0d3175737688667a21262504c240f589fc1ed39146b593
                                                                                                                                                            • Instruction Fuzzy Hash: 5CD1D370E05319DF9B58CFA6D9805DEFBF2FF88300B18A52AD415AB228E7349942CF54

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 02AED6B6
                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 02AED6F3
                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 02AED730
                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02AED789
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178181414868.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_2ae0000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Current$ProcessThread
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2063062207-0
                                                                                                                                                            • Opcode ID: 8098d734e032e61b820bdc271e758b8eec20abc7028991a4ad30c5988ef274c7
                                                                                                                                                            • Instruction ID: 0549e719d5b49a262c5fd46c7ffae13f698a41b450ee82366c4a4d7331c28a52
                                                                                                                                                            • Opcode Fuzzy Hash: 8098d734e032e61b820bdc271e758b8eec20abc7028991a4ad30c5988ef274c7
                                                                                                                                                            • Instruction Fuzzy Hash: 6E5157B0900649CFDB04DFA9D588B9EBBF1EF48304F24849AD05AA73A0DB746945CF65

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 02AED6B6
                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 02AED6F3
                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 02AED730
                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02AED789
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178181414868.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_2ae0000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Current$ProcessThread
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2063062207-0
                                                                                                                                                            • Opcode ID: 779bdacacc0b37d31e5343b63720a5d32aa91f3f2beae7b435b1750fd5cbe14e
                                                                                                                                                            • Instruction ID: 0bd214c937a07699599faa5c8cb48be3fac92499fe551cb9552c72bda07162b5
                                                                                                                                                            • Opcode Fuzzy Hash: 779bdacacc0b37d31e5343b63720a5d32aa91f3f2beae7b435b1750fd5cbe14e
                                                                                                                                                            • Instruction Fuzzy Hash: C35158B0900609CFDF14DFAAD588B9EBBF5FB48304F208459E01AA7360CB746945CF65

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06E7B92E
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 963392458-0
                                                                                                                                                            • Opcode ID: 9a5744c48fefcf22b54723180aea7e87674fb4d39f08ca7952cc15b4866acd9c
                                                                                                                                                            • Instruction ID: 3e52a7654725c516a33936cd284c5edae50308d7ad460164156476a6f4354e4a
                                                                                                                                                            • Opcode Fuzzy Hash: 9a5744c48fefcf22b54723180aea7e87674fb4d39f08ca7952cc15b4866acd9c
                                                                                                                                                            • Instruction Fuzzy Hash: DBA16C71D00319CFEB50DFA9C8817EEBBB2BF48314F148569E859A7280DB749985CF91

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06E7B92E
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 963392458-0
                                                                                                                                                            • Opcode ID: 3339cd55ac2b83be1781373087a3fe2601d9da2452845fb0696c9b931aed1ded
                                                                                                                                                            • Instruction ID: 230392c9d11cfa89eaa3ce689b2583d90224fbc7752cd34c4adc7df3de45b530
                                                                                                                                                            • Opcode Fuzzy Hash: 3339cd55ac2b83be1781373087a3fe2601d9da2452845fb0696c9b931aed1ded
                                                                                                                                                            • Instruction Fuzzy Hash: 25916C71D003198FEB50DFA8C881BEEBBB2BF44314F148569E859A7280DB749985CF91

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 02AEB606
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178181414868.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_2ae0000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: HandleModule
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4139908857-0
                                                                                                                                                            • Opcode ID: d780655fa1f147247ffdb280383366c2fe613420bbf5de6f43f8741c450088d3
                                                                                                                                                            • Instruction ID: 27cda3e06247cb74e8bf8726606d8b26b35642d8cd86c62486a3a5651c301544
                                                                                                                                                            • Opcode Fuzzy Hash: d780655fa1f147247ffdb280383366c2fe613420bbf5de6f43f8741c450088d3
                                                                                                                                                            • Instruction Fuzzy Hash: 018115B0A00B058FDB25DF29D59475ABBF1BF88308F04892ED496D7B50DB75E806CBA0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 052C1FA2
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185050349.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_52c0000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateWindow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 716092398-0
                                                                                                                                                            • Opcode ID: 5a6a86fe699dda21f8ba181baac22198146730aad36e41b27c3dd283201ae8c3
                                                                                                                                                            • Instruction ID: 3c806bb00f58f9eead25220c0174dc98ea000c2b98473e4321e6c73389e4c901
                                                                                                                                                            • Opcode Fuzzy Hash: 5a6a86fe699dda21f8ba181baac22198146730aad36e41b27c3dd283201ae8c3
                                                                                                                                                            • Instruction Fuzzy Hash: F051EFB1D10319DFDB14CF99C885ADEBFB1BF48310F24826AE819AB251D774A845CF90

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 052C1FA2
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185050349.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_52c0000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateWindow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 716092398-0
                                                                                                                                                            • Opcode ID: a3fbfdac556718e59c01f72eab2fc28b18ef080a50ba0a66e969ebe94ecd4e1b
                                                                                                                                                            • Instruction ID: f2d9ae63a57520eac164bfcf7797ec64e374e3b7bee79a055ff8edafe1e83288
                                                                                                                                                            • Opcode Fuzzy Hash: a3fbfdac556718e59c01f72eab2fc28b18ef080a50ba0a66e969ebe94ecd4e1b
                                                                                                                                                            • Instruction Fuzzy Hash: 4441D0B1C103499FDB14CF99C884ADEBFB5BF48310F24822AE819AB211D771A845CF90

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 052C4521
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185050349.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_52c0000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CallProcWindow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2714655100-0
                                                                                                                                                            • Opcode ID: d02cd743d2dbe1084625a9014cfee8a6d521bda8b6e6349f02236c0066123f52
                                                                                                                                                            • Instruction ID: e97bc45ac0fa90ebe05dad89c0bcc261b2ffdef39179f632a7b981c850449b22
                                                                                                                                                            • Opcode Fuzzy Hash: d02cd743d2dbe1084625a9014cfee8a6d521bda8b6e6349f02236c0066123f52
                                                                                                                                                            • Instruction Fuzzy Hash: CD4128B5A102099FCB10DF99C488AABBFF5FF88315F24C599D419AB321D774A841CBA0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 02AE5CC1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178181414868.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_2ae0000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Create
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2289755597-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 699 2ae5c04-2ae5c8b 700 2ae5c93-2ae5ca5 699->700 701 2ae5ca6-2ae5cd1 CreateActCtxA 700->701 702 2ae5cda-2ae5d34 701->702 703 2ae5cd3-2ae5cd9 701->703 710 2ae5d36-2ae5d39 702->710 711 2ae5d43-2ae5d47 702->711 703->702 710->711 712 2ae5d58 711->712 713 2ae5d49-2ae5d55 711->713 715 2ae5d59 712->715 713->712 715->715
                                                                                                                                                            APIs
                                                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 02AE5CC1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178181414868.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_2ae0000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Create
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2289755597-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 716 6e7b2d2-6e7b2d4 717 6e7b2d6-6e7b323 716->717 718 6e7b28b-6e7b297 716->718 725 6e7b325-6e7b331 717->725 726 6e7b333-6e7b363 Wow64SetThreadContext 717->726 720 6e7b2a0-6e7b2c5 718->720 721 6e7b299-6e7b29f 718->721 721->720 725->726 729 6e7b365-6e7b36b 726->729 730 6e7b36c-6e7b39c 726->730 729->730
                                                                                                                                                            APIs
                                                                                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06E7B356
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ContextThreadWow64
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 983334009-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 734 2ae9eba-2ae9f6b 735 2ae9f6d-2ae9f70 734->735 736 2ae9f73-2ae9f77 734->736 735->736 737 2ae9f7f-2ae9fab FindWindowW 736->737 738 2ae9f79-2ae9f7c 736->738 739 2ae9fad-2ae9fb3 737->739 740 2ae9fb4-2ae9fc8 737->740 738->737 739->740
                                                                                                                                                            APIs
                                                                                                                                                            • FindWindowW.USER32(00000000,00000000), ref: 02AE9F9E
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178181414868.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_2ae0000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FindWindow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 134000473-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 742 6e7b468-6e7b4be 745 6e7b4c0-6e7b4cc 742->745 746 6e7b4ce-6e7b50d WriteProcessMemory 742->746 745->746 748 6e7b516-6e7b546 746->748 749 6e7b50f-6e7b515 746->749 749->748
                                                                                                                                                            APIs
                                                                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06E7B500
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MemoryProcessWrite
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3559483778-0
                                                                                                                                                            APIs
                                                                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06E7B500
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MemoryProcessWrite
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3559483778-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 753 2ae5d7c-2ae5d88 754 2ae5d3a-2ae5d41 753->754 755 2ae5d8a-2ae5d8f 753->755 759 2ae5d43-2ae5d47 754->759 756 2ae5e01-2ae5e2f 755->756 760 2ae5d58 759->760 761 2ae5d49-2ae5d55 759->761 763 2ae5d59 760->763 761->760 763->763
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178181414868.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_2ae0000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            APIs
                                                                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06E7B5E0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MemoryProcessRead
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1726664587-0
                                                                                                                                                            APIs
                                                                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06E7B5E0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MemoryProcessRead
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1726664587-0
                                                                                                                                                            APIs
                                                                                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06E7B356
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ContextThreadWow64
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 983334009-0
                                                                                                                                                            APIs
                                                                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02AED907
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178181414868.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_2ae0000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: DuplicateHandle
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3793708945-0
                                                                                                                                                            APIs
                                                                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02AED907
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178181414868.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_2ae0000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: DuplicateHandle
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3793708945-0
                                                                                                                                                            APIs
                                                                                                                                                            • FindWindowW.USER32(00000000,00000000), ref: 02AE9F9E
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178181414868.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_2ae0000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FindWindow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 134000473-0
                                                                                                                                                            APIs
                                                                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06E7B41E
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                            APIs
                                                                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06E7B41E
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ResumeThread
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 947044025-0
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ResumeThread
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 947044025-0
                                                                                                                                                            APIs
                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 06E7DA9D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MessagePost
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 410705778-0
                                                                                                                                                            APIs
                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 06E7DA9D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MessagePost
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 410705778-0
                                                                                                                                                            APIs
                                                                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 02AEB606
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178181414868.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_2ae0000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: HandleModule
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4139908857-0
                                                                                                                                                            APIs
                                                                                                                                                            • CloseHandle.KERNELBASE(?), ref: 06E7EE08
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                            APIs
                                                                                                                                                            • CloseHandle.KERNELBASE(?), ref: 06E7EE08
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: '<"C$'<"C$NvTt
                                                                                                                                                            • API String ID: 0-1787953242
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: '<"C$'<"C$NvTt
                                                                                                                                                            • API String ID: 0-1787953242
                                                                                                                                                            • Opcode Fuzzy Hash: f05c92b18bad158c1ba0030986851a5c2b6646eb98c77361e33749bd34643522
                                                                                                                                                            • Instruction Fuzzy Hash: EEE11874E002198FDB24DFA8C580AAEFBB2FF88305F249169D415AB355DB30AD41CFA1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 533a85d810092ef4ecfdab6bee5909588c07ecbab0ba702edea64484751a497c
                                                                                                                                                            • Instruction ID: ff7dd705ca60da4724ecb36b2154e2b6cba6f21415e8de19a28d93cf7ee9771b
                                                                                                                                                            • Opcode Fuzzy Hash: 533a85d810092ef4ecfdab6bee5909588c07ecbab0ba702edea64484751a497c
                                                                                                                                                            • Instruction Fuzzy Hash: FFE12874E002198FDB54DFA8C584AAEFBB2FF89304F249169D419AB359DB30AD41CF61
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b7eb2d22974895526aa19e76492a3d6bc5b21b0fd5b4e206bda2dadf0511b643
                                                                                                                                                            • Instruction ID: 7c6b62b29314dd56e4e96be85bd500cd293e4a0db23abc5cab4241ef9856cb3a
                                                                                                                                                            • Opcode Fuzzy Hash: b7eb2d22974895526aa19e76492a3d6bc5b21b0fd5b4e206bda2dadf0511b643
                                                                                                                                                            • Instruction Fuzzy Hash: C0B1F571E0471ADFDB58CFA6D9805DEFBB2BF89200F14A52AD416EB254EB349906CF40
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 75a150698e628e7fe5ba92f5cf1345d29ecda4213d93d195e6f2348f2817a8e5
                                                                                                                                                            • Instruction ID: c1b0b95b5d248259d92be21a4ac251d6733810154d4d066894854f83fe77bff2
                                                                                                                                                            • Opcode Fuzzy Hash: 75a150698e628e7fe5ba92f5cf1345d29ecda4213d93d195e6f2348f2817a8e5
                                                                                                                                                            • Instruction Fuzzy Hash: A4B1F471D0471ADFEB58CFA6D9805DEFBB2BF89300F14A52AD416AB254DB349906CF40
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178181414868.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_2ae0000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 00cb0e6a7fa97b616d81178a4810286bcd2d6d0f178c2e6858fad7cc319d0d3f
                                                                                                                                                            • Instruction ID: a82f82e978c827818011f572e706b76c2df117ff344d8e188a8e1e9e1a5c4db7
                                                                                                                                                            • Opcode Fuzzy Hash: 00cb0e6a7fa97b616d81178a4810286bcd2d6d0f178c2e6858fad7cc319d0d3f
                                                                                                                                                            • Instruction Fuzzy Hash: F2A13A32E00209CFCF19DFB4C98459EB7B2FF85314B15456AE806AB265DF71A956CB40
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 0d7214d2a5701d1509d67dd521dfd0fff19cb8f785617c158632ca4adfa02f3a
                                                                                                                                                            • Instruction ID: c5dda082383e64e548205f67d3959badcbbee4eb2c288dc02ee29c18bd2e0280
                                                                                                                                                            • Opcode Fuzzy Hash: 0d7214d2a5701d1509d67dd521dfd0fff19cb8f785617c158632ca4adfa02f3a
                                                                                                                                                            • Instruction Fuzzy Hash: 0CB11BB0E142198FDB54DFA9D580AAEFBF2FF89304F249169D409AB355D730A941CFA0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1dfaa58c9d337251bb6dfdcfee0b739cf40c5da08118dc23faea1e7590fbc8e7
                                                                                                                                                            • Instruction ID: 5a9f83c65c07a8b784ae4a117438a0e1e4f268704b955a1bf4193616fae3f806
                                                                                                                                                            • Opcode Fuzzy Hash: 1dfaa58c9d337251bb6dfdcfee0b739cf40c5da08118dc23faea1e7590fbc8e7
                                                                                                                                                            • Instruction Fuzzy Hash: 6EB12DB0E142198FDB54DFA9D580AAEFBF2BF89304F24D169D409AB355D730A941CFA0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185050349.00000000052C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052C0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_52c0000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: ab93ad58e73ba33ec625eab7213ccbd69cf7cbc240763ce66cbd5c55c8771fd4
                                                                                                                                                            • Instruction ID: 828bb04c981522c8214ab541f70e886b65a919d926a3e1bbc77ac46c504cf907
                                                                                                                                                            • Opcode Fuzzy Hash: ab93ad58e73ba33ec625eab7213ccbd69cf7cbc240763ce66cbd5c55c8771fd4
                                                                                                                                                            • Instruction Fuzzy Hash: 39C11CB0C907468BE732CF65E88C5893B71BBA5394FD04B0AD1612BAD8DBB4146ACF54
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: de50b85c774688661ec8a084cd1e21c714891a1e6f89377f860306b51fcaa52e
                                                                                                                                                            • Instruction ID: 5f40f8f032174fcb36b8a3264944c03832dfa21ff2b31518a74bce6b31967c74
                                                                                                                                                            • Opcode Fuzzy Hash: de50b85c774688661ec8a084cd1e21c714891a1e6f89377f860306b51fcaa52e
                                                                                                                                                            • Instruction Fuzzy Hash: 3EA10BB4E142198FDB54DFA4D580AAEFBF2BF89304F249159D409AB355D730AA41CFA0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.178185764421.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_6e70000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 0aa1391a942c79d15706e2af322ddaea630dd20e7d164aa4b868640157253023
                                                                                                                                                            • Instruction ID: 8b478008c111316c203d7b907c9923d0e7ababcac4b04b826f04d529ff5d5375
                                                                                                                                                            • Opcode Fuzzy Hash: 0aa1391a942c79d15706e2af322ddaea630dd20e7d164aa4b868640157253023
                                                                                                                                                            • Instruction Fuzzy Hash: 13510974E1021A8FDB14CFA9D5806AEFBF2FF89304F248169D418AB355D7319A41CFA1

                                                                                                                                                            Execution Graph

                                                                                                                                                            Execution Coverage:1.6%
                                                                                                                                                            Dynamic/Decrypted Code Coverage:5.8%
                                                                                                                                                            Signature Coverage:8.3%
                                                                                                                                                            Total number of Nodes:156
                                                                                                                                                            Total number of Limit Nodes:10

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 56 4172f3-41730f 57 417317-41731c 56->57 58 417312 call 42ed93 56->58 59 417322-417330 call 42f393 57->59 60 41731e-417321 57->60 58->57 63 417340-417351 call 42d723 59->63 64 417332-41733d call 42f633 59->64 69 417353-417367 LdrLoadDll 63->69 70 41736a-41736d 63->70 64->63 69->70
                                                                                                                                                            APIs
                                                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417365
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Load
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2234796835-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 76 42bff3-42c02f call 4047d3 call 42d233 NtClose
                                                                                                                                                            APIs
                                                                                                                                                            • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C02A
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Close
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3535843008-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 95 16d34e0-16d34ec LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 92 16d2bc0-16d2bcc LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 91 16d2b90-16d2b9c LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 90 16d2a80-16d2a8c LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 93 16d2d10-16d2d1c LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 94 16d2eb0-16d2ebc LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • PostThreadMessageW.USER32(297268BLQ,00000111,00000000,00000000), ref: 00413C0D
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MessagePostThread
                                                                                                                                                            • String ID: 297268BLQ$297268BLQ
                                                                                                                                                            • API String ID: 1836367815-2296095138

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 37 413b93-413ba3 38 413bac-413bfe call 42eb43 call 4172f3 call 404743 call 424903 37->38 39 413ba7 call 42e133 37->39 48 413c20-413c25 38->48 49 413c00-413c11 PostThreadMessageW 38->49 39->38 49->48 50 413c13-413c1d 49->50 50->48
                                                                                                                                                            APIs
                                                                                                                                                            • PostThreadMessageW.USER32(297268BLQ,00000111,00000000,00000000), ref: 00413C0D
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MessagePostThread
                                                                                                                                                            • String ID: 297268BLQ$297268BLQ
                                                                                                                                                            • API String ID: 1836367815-2296095138

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 51 42c363-42c3a4 call 4047d3 call 42d233 RtlFreeHeap
                                                                                                                                                            APIs
                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C39F
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                            • String ID: D`A
                                                                                                                                                            • API String ID: 3298025750-3975472815

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 71 42c313-42c357 call 4047d3 call 42d233 RtlAllocateHeap
                                                                                                                                                            APIs
                                                                                                                                                            • RtlAllocateHeap.NTDLL(?,0041E081,?,?,00000000,?,0041E081,?,?,?), ref: 0042C352
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1279760036-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 81 42c3b3-42c3ec call 4047d3 call 42d233 ExitProcess
                                                                                                                                                            APIs
                                                                                                                                                            • ExitProcess.KERNEL32(?,00000000,00000000,?,F3121F26,?,?,F3121F26), ref: 0042C3E7
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178538615808.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ExitProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 621844428-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 86 16d2b2a-16d2b2f 87 16d2b3f-16d2b46 LdrInitializeThunk 86->87 88 16d2b31-16d2b38 86->88
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            Strings
                                                                                                                                                            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01705215, 017052A1, 01705324
                                                                                                                                                            • Critical section address, xrefs: 01705230, 017052C7, 0170533F
                                                                                                                                                            • Critical section address., xrefs: 0170530D
                                                                                                                                                            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017052ED
                                                                                                                                                            • Invalid debug info address of this critical section, xrefs: 017052C1
                                                                                                                                                            • Critical section debug info address, xrefs: 0170522A, 01705339
                                                                                                                                                            • corrupted critical section, xrefs: 017052CD
                                                                                                                                                            • double initialized or corrupted critical section, xrefs: 01705313
                                                                                                                                                            • Address of the debug info found in the active list., xrefs: 017052B9, 01705305
                                                                                                                                                            • undeleted critical section in freed memory, xrefs: 01705236
                                                                                                                                                            • 8, xrefs: 017050EE
                                                                                                                                                            • Thread identifier, xrefs: 01705345
                                                                                                                                                            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017052D9
                                                                                                                                                            • Thread is in a state in which it cannot own a critical section, xrefs: 0170534E
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                                            • API String ID: 0-2368682639
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                                                                                            • API String ID: 0-3532704233
                                                                                                                                                            Strings
                                                                                                                                                            • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 0168D0E6
                                                                                                                                                            • Control Panel\Desktop\LanguageConfiguration, xrefs: 0168D136
                                                                                                                                                            • @, xrefs: 0168D2B3
                                                                                                                                                            • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0168D06F
                                                                                                                                                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 0168D263
                                                                                                                                                            • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 0168D202
                                                                                                                                                            • @, xrefs: 0168D24F
                                                                                                                                                            • @, xrefs: 0168D09D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                                                                                            • API String ID: 0-1356375266
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                                                            Strings
                                                                                                                                                            • apphelp.dll, xrefs: 01686446
                                                                                                                                                            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 016E97B9
                                                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 016E97A0, 016E97C9
                                                                                                                                                            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 016E977C
                                                                                                                                                            • LdrpInitShimEngine, xrefs: 016E9783, 016E9796, 016E97BF
                                                                                                                                                            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 016E9790
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                            Strings
                                                                                                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01701F82
                                                                                                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01701F8A
                                                                                                                                                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01701FA9
                                                                                                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01701FC9
                                                                                                                                                            • SXS: %s() passed the empty activation context, xrefs: 01701F6F
                                                                                                                                                            • RtlGetAssemblyStorageRoot, xrefs: 01701F6A, 01701FA4, 01701FC4
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                            Strings
                                                                                                                                                            • Kernel-MUI-Language-Disallowed, xrefs: 016B5272
                                                                                                                                                            • Kernel-MUI-Number-Allowed, xrefs: 016B5167
                                                                                                                                                            • Kernel-MUI-Language-SKU, xrefs: 016B534B
                                                                                                                                                            • WindowsExcludedProcs, xrefs: 016B514A
                                                                                                                                                            • Kernel-MUI-Language-Allowed, xrefs: 016B519B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                            Strings
                                                                                                                                                            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 016F0EB5
                                                                                                                                                            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 016F0E72
                                                                                                                                                            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 016F0DEC
                                                                                                                                                            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 016F0E2F
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                                            Strings
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                                                            Strings
                                                                                                                                                            • apphelp.dll, xrefs: 016B2382
                                                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 016FA7AF
                                                                                                                                                            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 016FA79F
                                                                                                                                                            • LdrpDynamicShimModule, xrefs: 016FA7A5
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                            Strings
                                                                                                                                                            • Unable to build import redirection Table, Status = 0x%x, xrefs: 01707FF0
                                                                                                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01707F8C, 01708000
                                                                                                                                                            • Loading import redirection DLL: '%wZ', xrefs: 01707F7B
                                                                                                                                                            • LdrpInitializeImportRedirection, xrefs: 01707F82, 01707FF6
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: LdrpInitializeImportRedirection$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrredirect.c
                                                                                                                                                            Strings
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                                                            Strings
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: $ $0
                                                                                                                                                            Strings
                                                                                                                                                            • HEAP: , xrefs: 016914B6
                                                                                                                                                            • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01691648
                                                                                                                                                            • HEAP[%wZ]: , xrefs: 01691632
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                            Strings
                                                                                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017000F1
                                                                                                                                                            • RTL: Re-Waiting, xrefs: 01700128
                                                                                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017000C7
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                            Strings
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                                                                                            Strings
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                                                                            Strings
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                                                                                            Strings
                                                                                                                                                            • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 0176B3AA
                                                                                                                                                            • GlobalizationUserSettings, xrefs: 0176B3B4
                                                                                                                                                            • TargetNtPath, xrefs: 0176B3AF
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                                                                            Strings
                                                                                                                                                            • HEAP: , xrefs: 016EE442
                                                                                                                                                            • HEAP[%wZ]: , xrefs: 016EE435
                                                                                                                                                            • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 016EE455
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Strings
                                                                                                                                                            • LdrpCompleteMapModule, xrefs: 016FA39D
                                                                                                                                                            • minkernel\ntdll\ldrmap.c, xrefs: 016FA3A7
                                                                                                                                                            • Could not validate the crypto signature for DLL %wZ, xrefs: 016FA396
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                                                                                            Strings
                                                                                                                                                            • LdrpAllocateTls, xrefs: 0170194A
                                                                                                                                                            • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 01701943
                                                                                                                                                            • minkernel\ntdll\ldrtls.c, xrefs: 01701954
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Strings
                                                                                                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01714519
                                                                                                                                                            • LdrpCheckRedirection, xrefs: 0171450F
                                                                                                                                                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01714508
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Strings
                                                                                                                                                            • Actx , xrefs: 016C32CC
                                                                                                                                                            • RtlCreateActivationContext, xrefs: 01702803
                                                                                                                                                            • SXS: %s() passed the empty activation context data, xrefs: 01702808
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Strings
                                                                                                                                                            • @, xrefs: 0171B2F0
                                                                                                                                                            • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 0171B2B2
                                                                                                                                                            • GlobalFlag, xrefs: 0171B30F
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                                                                                            • API String ID: 0-4192008846
                                                                                                                                                            Strings
                                                                                                                                                            • DLL "%wZ" has TLS information at %p, xrefs: 0170184A
                                                                                                                                                            • LdrpInitializeTls, xrefs: 01701851
                                                                                                                                                            • minkernel\ntdll\ldrtls.c, xrefs: 0170185B
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                                                                            • API String ID: 0-931879808
                                                                                                                                                            Strings
                                                                                                                                                            • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 016D119B
                                                                                                                                                            • BuildLabEx, xrefs: 016D122F
                                                                                                                                                            • @, xrefs: 016D11C5
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                                                            • API String ID: 0-3051831665
                                                                                                                                                            Strings
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: @$@
                                                                                                                                                            • API String ID: 0-149943524
                                                                                                                                                            Strings
                                                                                                                                                            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 016C847E
                                                                                                                                                            • @, xrefs: 016C84B1
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: @$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                                                                                                                                            • API String ID: 0-3559684138
                                                                                                                                                            Strings
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID: Legacy$UEFI
                                                                                                                                                            • API String ID: 2994545307-634100481
                                                                                                                                                            Strings
                                                                                                                                                            • RedirectedKey, xrefs: 0176B60E
                                                                                                                                                            • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 0176B5C4
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                                                                                            • API String ID: 0-1388552009
                                                                                                                                                            Strings
                                                                                                                                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01690586
                                                                                                                                                            • kLsE, xrefs: 016905FE
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                            • API String ID: 0-2547482624
                                                                                                                                                            Strings
                                                                                                                                                            • RtlpResUltimateFallbackInfo Enter, xrefs: 0169A21B
                                                                                                                                                            • RtlpResUltimateFallbackInfo Exit, xrefs: 0169A229
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                            • API String ID: 0-2876891731
                                                                                                                                                            Strings
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                                                                            • API String ID: 0-118005554
                                                                                                                                                            Strings
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: .Local\$@
                                                                                                                                                            • API String ID: 0-380025441
                                                                                                                                                            Strings
                                                                                                                                                            • RtlpInitializeAssemblyStorageMap, xrefs: 0170289A
                                                                                                                                                            • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 0170289F
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                                                                                            • API String ID: 0-2653619699
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID: Cleanup Group$Threadpool!
                                                                                                                                                            • API String ID: 2994545307-4008356553
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: GlobalTags
                                                                                                                                                            • API String ID: 0-1106856819
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: #%u
                                                                                                                                                            • API String ID: 0-232158463
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: @
                                                                                                                                                            • API String ID: 0-2766056989
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: EXT-
                                                                                                                                                            • API String ID: 0-1948896318
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: @
                                                                                                                                                            • API String ID: 0-2766056989
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: BinaryHash
                                                                                                                                                            • API String ID: 0-2202222882
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: verifier.dll
                                                                                                                                                            • API String ID: 0-3265496382
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: #
                                                                                                                                                            • API String ID: 0-1885708031
                                                                                                                                                            Strings
                                                                                                                                                            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 017185DE
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                                            • API String ID: 0-702105204
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: ef323eb038821d6253182c4a8eaf1ad23e515df87374211b0c5d62c03e8a0cd9
                                                                                                                                                            • Instruction ID: 61676d8b7a189ddf12ef6ed30cd3eb028a42eb03dac9ceb04aa266b8a0725346
                                                                                                                                                            • Opcode Fuzzy Hash: ef323eb038821d6253182c4a8eaf1ad23e515df87374211b0c5d62c03e8a0cd9
                                                                                                                                                            • Instruction Fuzzy Hash: 8AA12A32E00225EFEB21CBA8CC88BEDBBB5AF04714F050199EB11A7391E7759D45CB91
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 8143e5da4977483686d5ea4e0de60f772e50957f72b32c5681fc3f9ce1d345c2
                                                                                                                                                            • Instruction ID: 524357b721f6ce5e7ecd2dbd0c259747eabffc90f414cb9e47b0bb6243bdeb0a
                                                                                                                                                            • Opcode Fuzzy Hash: 8143e5da4977483686d5ea4e0de60f772e50957f72b32c5681fc3f9ce1d345c2
                                                                                                                                                            • Instruction Fuzzy Hash: 6FA18A70F01716DBDB25DFA9CD90BAAB7B5FF44318F114029FA0997282EB74A805CB80
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 00ff1664520fda77a9e812a04ce7e7dd2c49ded843592e8b05267de276a43fd1
                                                                                                                                                            • Instruction ID: 7bc6318a3d79a6eddcc28cbc8d005b4cc8b61c119396f4c85daea758f41578a6
                                                                                                                                                            • Opcode Fuzzy Hash: 00ff1664520fda77a9e812a04ce7e7dd2c49ded843592e8b05267de276a43fd1
                                                                                                                                                            • Instruction Fuzzy Hash: 8AA1BA72644602EFC722DF18C980B5AFBEAFF58704F54452CE986AB651C334EC41CB95
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 3ee7063437a890b32395ed29857da45235c3c6257668d184adddad98d85a3a08
                                                                                                                                                            • Instruction ID: 89313ea2263e8de32a3d582b1ef1a144d6e06429077b145cc22490bc7a2857cc
                                                                                                                                                            • Opcode Fuzzy Hash: 3ee7063437a890b32395ed29857da45235c3c6257668d184adddad98d85a3a08
                                                                                                                                                            • Instruction Fuzzy Hash: D1912371A01611DBE7249B69CC80B7EBBB6EF84718F5540ADFA019B380E7359D42CFA1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 6714d17e934139f1336b1e0993a34420f44eb0032ffb08da21d6da8dc0fbbf00
                                                                                                                                                            • Instruction ID: b2ed00a81a1458c1ac3beaa1b365e8e62da42283af6aff8573637fa6e49b8ab0
                                                                                                                                                            • Opcode Fuzzy Hash: 6714d17e934139f1336b1e0993a34420f44eb0032ffb08da21d6da8dc0fbbf00
                                                                                                                                                            • Instruction Fuzzy Hash: 5FB114B55093419FD754CF28C880A5AFBF1BB89314F188AAEF999C7351D731E845CB82
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 6a7db11df4e1cf06892cdf3bd398e07dc9e6a9755e72908bfa0c7f31d1d0c0c3
                                                                                                                                                            • Instruction ID: ca0fb38d3cf5724fee99e7b7be41e55fb960eaca0144c1612036d4958967f04c
                                                                                                                                                            • Opcode Fuzzy Hash: 6a7db11df4e1cf06892cdf3bd398e07dc9e6a9755e72908bfa0c7f31d1d0c0c3
                                                                                                                                                            • Instruction Fuzzy Hash: 25B17D74941206CFDF26CF58D844BA9BBB8BF08728F28815DD9229B396D771D842CF90
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 55fc684d83fca1173150102c3eb4fdff59526e121a8c45cefab36fbb6fbdb557
                                                                                                                                                            • Instruction ID: 0ed6c29ab0d858fcca5b8b3b87479843028a30cbb4e74d14fa2b6713cafca81d
                                                                                                                                                            • Opcode Fuzzy Hash: 55fc684d83fca1173150102c3eb4fdff59526e121a8c45cefab36fbb6fbdb557
                                                                                                                                                            • Instruction Fuzzy Hash: EEA18C71618342CFCB15CF28C880A2ABBEAFF98744F14496DE5858B351EB30E945CF92
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                                                                            • Instruction ID: d1483f6281b500c3442b14b44c2c914add0ece29cdc4609799720e781dfc18ff
                                                                                                                                                            • Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                                                                            • Instruction Fuzzy Hash: 22719131A0021ADBDB20CFAAC990ABFFBB9EF54650F55415ADD01EB245E734DD81CB90
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 13dc12e8ecd852249ab9725603cd9212427657619b9a57520f0130d2ac27707f
                                                                                                                                                            • Instruction ID: 65bba7e9ad1c9104e85c47957d8564989ed89a70630ee1aa318ceb9d45ad6f8a
                                                                                                                                                            • Opcode Fuzzy Hash: 13dc12e8ecd852249ab9725603cd9212427657619b9a57520f0130d2ac27707f
                                                                                                                                                            • Instruction Fuzzy Hash: 85813E71900609EFDB26CFA8C880BEABBFAFF48754F14842DE555A7250DB31AD45CB60
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: c245a808ab520fab158afa932557fad87987276a830e0fa8f3fb18592bc85a02
                                                                                                                                                            • Instruction ID: 9d2a021bca778c71a691fab9f4a9be621d8baa7ffee2a0d4a140945642ca64b3
                                                                                                                                                            • Opcode Fuzzy Hash: c245a808ab520fab158afa932557fad87987276a830e0fa8f3fb18592bc85a02
                                                                                                                                                            • Instruction Fuzzy Hash: 6561C570F40216DBEB659F69C884BBEFBBAAF84318F144159EE1197284DBB0DD41C7A0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: a2ff2bda902723bbaff395569e6457b98c9b086f8eb11f7151fc927eed24017d
                                                                                                                                                            • Instruction ID: 1ec24ce8eb115082d1b41afad8a66a12ec7b9f6458420f80244288543c955b02
                                                                                                                                                            • Opcode Fuzzy Hash: a2ff2bda902723bbaff395569e6457b98c9b086f8eb11f7151fc927eed24017d
                                                                                                                                                            • Instruction Fuzzy Hash: 3971CEB1805629DBCB25CF58CD907BEBBB5FF49710F1451AEE952AB340E3349801CBA4
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 826361a5d6ac5712360c73faffff07cb043865c84bb123db79a5d57a9467be6b
                                                                                                                                                            • Instruction ID: b8b4e743fba864730e1b25257eb0aa33a2f3720f7f17d3f1297291d4f96ca384
                                                                                                                                                            • Opcode Fuzzy Hash: 826361a5d6ac5712360c73faffff07cb043865c84bb123db79a5d57a9467be6b
                                                                                                                                                            • Instruction Fuzzy Hash: 10719D316446519FD311DF2CC894B2AB7E5FF85700F0485ADE8998B352EB34DD46CBA1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 9855bffa4d7cd7396dd4e7373d8aea1786b193a4aeebb4d909d9219d6eea469c
                                                                                                                                                            • Instruction ID: 74de64e2f11bcb1f6484e74c7381d9ecfd4a1ef8352fe4c7978dbc5cfc578a2c
                                                                                                                                                            • Opcode Fuzzy Hash: 9855bffa4d7cd7396dd4e7373d8aea1786b193a4aeebb4d909d9219d6eea469c
                                                                                                                                                            • Instruction Fuzzy Hash: F8517A70A18301DFCB24CF29C980A2AFBE9FB88650F15496EE69997355D730E844CF82
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 5b88ee45473bc1ee75d56ab7b5dcce65d8fac06d484b980079abf3ec4a4748f0
                                                                                                                                                            • Instruction ID: 3b7bd178ad12322cf653e01e5193e9362aaf48a841f2aa5d390cf36ae2a02147
                                                                                                                                                            • Opcode Fuzzy Hash: 5b88ee45473bc1ee75d56ab7b5dcce65d8fac06d484b980079abf3ec4a4748f0
                                                                                                                                                            • Instruction Fuzzy Hash: 56411431280601DBDB26AF1DDC90B2ABBA6FF54B20F15852EFA099B751D770EC02CB54
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 0502e060be3ee86ee158508ac7f09ec127c86f7fee9ac72d2c169be7d86dda49
                                                                                                                                                            • Instruction ID: 44204d5d3cc8fac6f922201f6c050803330412f2554b4b1f1ca6346a1bbcb743
                                                                                                                                                            • Opcode Fuzzy Hash: 0502e060be3ee86ee158508ac7f09ec127c86f7fee9ac72d2c169be7d86dda49
                                                                                                                                                            • Instruction Fuzzy Hash: CC51F571604342DBE725EF68DC90F6BB7EAEB94724F10062DEA51872D1D730E840CBA9
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: 562d8c8ef48a68d46b7cdf64694dcc9622f4736a9ee16d95074ab3885c2aad21
                                                                                                                                                            • Instruction ID: 349a8bdaf0a99975ae106f305f4de16b6d361cab0edf25d102d3776a27fbe72b
                                                                                                                                                            • Opcode Fuzzy Hash: 562d8c8ef48a68d46b7cdf64694dcc9622f4736a9ee16d95074ab3885c2aad21
                                                                                                                                                            • Instruction Fuzzy Hash: DF51CE7194420AAFEB229FB4CC90BEDBBB9FF11304F20402DEA91A7251DB719945DF14
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 3914bcb1292392735baf0aa2a59e51ec108d1d28d2926d211f4b2564215408f6
                                                                                                                                                            • Instruction ID: 9073643ad764530ad31c91911b49152581fbdf6e802d778be8f4a9756ab40b02
                                                                                                                                                            • Opcode Fuzzy Hash: 3914bcb1292392735baf0aa2a59e51ec108d1d28d2926d211f4b2564215408f6
                                                                                                                                                            • Instruction Fuzzy Hash: FE510DB0A10606EFDF16DB68CC487BDB7A9BF55325F14812EE60297290DB709912CF80
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 4304e0f39286bc19e26ce08ec37679ee3dcf18d1e7097113ef0213a051a4aab2
                                                                                                                                                            • Instruction ID: bd0593cd8a23857647455d106a7d59b4e709fd8f8f6f714da35915d4eb61e947
                                                                                                                                                            • Opcode Fuzzy Hash: 4304e0f39286bc19e26ce08ec37679ee3dcf18d1e7097113ef0213a051a4aab2
                                                                                                                                                            • Instruction Fuzzy Hash: D6513631600A05DFCB22EFA8CD90E6AF7FAFB28644F40442EE656972A1D735E941CB51
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                                                                                            • Instruction ID: 9148da9c265281a5b41f7993f04c5f31528489577a22b63decf3c7536f78a553
                                                                                                                                                            • Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                                                                                            • Instruction Fuzzy Hash: 3A519371D0021AABDF15DF98CC90BEEBBB5AF44714F044069EA02AB341EB74D985CBA4
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 812624e9a26b2916795c8d9a51460b93fb9ae290810d0ce8c46858914e96bd29
                                                                                                                                                            • Instruction ID: 420f74651d6188676152a9248d396ff006ff1759f2b8aa321aca37944db9e27d
                                                                                                                                                            • Opcode Fuzzy Hash: 812624e9a26b2916795c8d9a51460b93fb9ae290810d0ce8c46858914e96bd29
                                                                                                                                                            • Instruction Fuzzy Hash: BD518DB1A052169FEF22DFA8CC40BADB7B9AB09750F10805EF902EB251D77499418B55
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                                                                                            • Instruction ID: 72b7be2ea9c5b1a749aa3f62ad5980262850821b1e8481a92c249db6a886cdd0
                                                                                                                                                            • Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                                                                                            • Instruction Fuzzy Hash: 65518A71600606EFDB16CF58C980A56FBF9FF45304F1581AAE90C9F252E371EA85CB90
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: dcf90f0f0e10d867884270471f4cf2c9babbb2596b8259f204d900b229483de3
                                                                                                                                                            • Instruction ID: 2c9748e3b237a85a3bce470b27ee50fe2360938aa8e3e188d1143f97e48f4359
                                                                                                                                                            • Opcode Fuzzy Hash: dcf90f0f0e10d867884270471f4cf2c9babbb2596b8259f204d900b229483de3
                                                                                                                                                            • Instruction Fuzzy Hash: C9414D71684306DBCB25EF99DC91B7EB766EB94B18F01802DFA06DB241E7719C01C794
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                                                                                            • Instruction ID: 3be13ce6741c6293211cbdfcf4f728f8c0ff3554d5112d6e91a4a9437da9dbf5
                                                                                                                                                            • Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                                                                                            • Instruction Fuzzy Hash: 2941D5716007169FD765CE28C894E6AF7A9FF84318B14467DED1287644EB70ED04CB90
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: d34a72b24deb0923b502a5e6385e5b9a5eaf441fe3ae941316ab2a76afd8d62a
                                                                                                                                                            • Instruction ID: 904fde98918c70601345d9d3592e3219da1e3deac9c5ce57cea512456938d369
                                                                                                                                                            • Opcode Fuzzy Hash: d34a72b24deb0923b502a5e6385e5b9a5eaf441fe3ae941316ab2a76afd8d62a
                                                                                                                                                            • Instruction Fuzzy Hash: D441AB39901219DBCB10DF98C840ABEB7B6EF58A14F14815EF815A7250D7399C41CBA4
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                                                                                            • Instruction ID: ae45c9151e2fb2336a65c6b960ce46566a1b68c5cc02eb0cd0e70fa46806798e
                                                                                                                                                            • Opcode Fuzzy Hash: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                                                                                            • Instruction Fuzzy Hash: 0E31C6316082419FE721EA2CCC90BE6BBD5AB95350F44852EF9868B391D775C8C2C7D3
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1b61dae5f15e1ed058901ad4cd0a4c4a3ba35a39202f7b8af202b207e3e0b25b
                                                                                                                                                            • Instruction ID: 57815e759b14dd7bfd1c1d2edce6c9e25a98dc023c0e8e9316a6f592df7830ba
                                                                                                                                                            • Opcode Fuzzy Hash: 1b61dae5f15e1ed058901ad4cd0a4c4a3ba35a39202f7b8af202b207e3e0b25b
                                                                                                                                                            • Instruction Fuzzy Hash: 8831E2725412049FC721EF18CC81A6A7BA5FF45724F14826DEE554B3A6C731ED42CBE4
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 724730d19be898fc761860305aaab4e24ff060e174a0f8c0652704923de3428d
                                                                                                                                                            • Instruction ID: bd6f6d10d663206b07a85719b47b2ff24941f21ab03e96a51395350a8a2e43d3
                                                                                                                                                            • Opcode Fuzzy Hash: 724730d19be898fc761860305aaab4e24ff060e174a0f8c0652704923de3428d
                                                                                                                                                            • Instruction Fuzzy Hash: 9F316B72A05342CFEB20CF19C800B66BBE9BF89B40F05496DEA8897391D774E844CB91
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                                                                                            • Instruction ID: 7412f6dfd015b7dbf86ffa818a9998e1d3254cd615fae2fd7c5e4d4e8e79e530
                                                                                                                                                            • Opcode Fuzzy Hash: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                                                                                            • Instruction Fuzzy Hash: 79312872B00B15AFD765CFAADD45B66BBE8EB48B54F04092DA59AC3740F730E9008B64
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 290b8e58c6c61567dce4c8bcbfe86022571b10998c64c62281adabbbef90856f
                                                                                                                                                            • Instruction ID: 3ac4f6637130cbecbbbe60bdb2594c44ba3f56f2e491b20c1a706c6e3d054e3c
                                                                                                                                                            • Opcode Fuzzy Hash: 290b8e58c6c61567dce4c8bcbfe86022571b10998c64c62281adabbbef90856f
                                                                                                                                                            • Instruction Fuzzy Hash: 08318BB19893029FCB11EF19C44095AFBE2FF89714F4495AEE4889B252D730DD45CF92
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                                                            • Instruction ID: c0767205088841b930d9fad9a5ed38389f077d036d061241795642f630d96bed
                                                                                                                                                            • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                                                            • Instruction Fuzzy Hash: 683190B2D00115EFC714DF69C484AADB7F5FF88321F558169D854DB341D734AA11CBA0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                                                            • Instruction ID: a45778ebdde3f447afbb0cc31c5b940b3c41f8f6b4f524571bd4dbc7db6f407d
                                                                                                                                                            • Opcode Fuzzy Hash: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                                                            • Instruction Fuzzy Hash: D531A6B16082468FCB06DF18DC40A5ABBEAEF99710F0405AEF9519B3A1C730DC05CBA6
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: d1253354a0c67f6570a6aae59fa49e1449ffb5854a8f96249f57ae2d02d8752a
                                                                                                                                                            • Instruction ID: ef57d001f88d3fb5021697867747c6aa57f5b4b32fabbbff8d729adea7a9557a
                                                                                                                                                            • Opcode Fuzzy Hash: d1253354a0c67f6570a6aae59fa49e1449ffb5854a8f96249f57ae2d02d8752a
                                                                                                                                                            • Instruction Fuzzy Hash: 4A31BF72B01205AFD720EFA9CDC0AAEBBFAEB54304F14842DD646D7255DB30E981CB91
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 3e711a14d05d8b48a4fc2a9ac22446ed05d6467aa8ea1144644f4eba1ee26849
                                                                                                                                                            • Instruction ID: 8c82a43c6504ac2f777a2e0a9b6de4f9ab72979f016ed2c3128f86c008b998f1
                                                                                                                                                            • Opcode Fuzzy Hash: 3e711a14d05d8b48a4fc2a9ac22446ed05d6467aa8ea1144644f4eba1ee26849
                                                                                                                                                            • Instruction Fuzzy Hash: 08319BB1502201DBDB21AF58CC44BA977F9EF61318F44C2ADE9459B386DB34ED82CB90
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 678bd4f0476717afc142938dd3d16c8dc9929ec20173cf717e28ffe0884dad83
                                                                                                                                                            • Instruction ID: ffd292c87a7fb32b2e3f9dd6589b3c2d394455b4515bf313f0ca0dc3eaa62cac
                                                                                                                                                            • Opcode Fuzzy Hash: 678bd4f0476717afc142938dd3d16c8dc9929ec20173cf717e28ffe0884dad83
                                                                                                                                                            • Instruction Fuzzy Hash: D7312931A0112CABDB31EB1CCC41FEEB7BAEB15740F0102A5E649A7290D7B59E81CF94
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b4f9c33e96ace67065ca95715b9c242f0d7ce4dfc3b0dc39adce47f8c286a6f2
                                                                                                                                                            • Instruction ID: 902ab98a2fdd71fa130f7eb2c5ec3544f5d4a2b9b0c2803f22f836bfd16ac750
                                                                                                                                                            • Opcode Fuzzy Hash: b4f9c33e96ace67065ca95715b9c242f0d7ce4dfc3b0dc39adce47f8c286a6f2
                                                                                                                                                            • Instruction Fuzzy Hash: 9C21BF725057419BCB21DE58CC90B6BB7E9FF98B20F10851DFD889B241CB30E901CBA2
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                                                                                            • Instruction ID: b5964f20683905adb8c441437fe0810e59af4fea19a4fe7c1425b2e85ef3b8ba
                                                                                                                                                            • Opcode Fuzzy Hash: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                                                                                            • Instruction Fuzzy Hash: 58216076A00605EBCB11CFA8C990AAABBA5FF58720F50C079ED059B641DB70EE058B90
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Instruction ID: 8df518f2a5350c4368521ff00ae92456699937c8959f969b2096b934d843a67b
                                                                                                                                                            • Opcode Fuzzy Hash: 4110f416dff0989dac5d0aa5af2942d56b6c6a06772882a6c909c06b629383a2
                                                                                                                                                            • Instruction Fuzzy Hash: DC215E75A40209DFCF14CF98C990A6EBBB9FB49718F20416DD105A7310C771AD06CBD0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: de21e45a370c47e82d50f6d3c13846c0d78f8eacaa82c3fd947f5a44b0fb2a40
                                                                                                                                                            • Instruction ID: 2946e26d2bae2a214d65d6e9ae67cd680fb0c28f2276613891e7d2aef1d19fef
                                                                                                                                                            • Opcode Fuzzy Hash: de21e45a370c47e82d50f6d3c13846c0d78f8eacaa82c3fd947f5a44b0fb2a40
                                                                                                                                                            • Instruction Fuzzy Hash: 3211273B192581AAD335AF58EE40A7A77F9FFA8BA4F608029E50097354E334DC02C765
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1b4201946a4881626266700f4c5074438c7ca6da64cbb6df8b7aa123b84a6d2c
                                                                                                                                                            • Instruction ID: f1a3af8f58e2609b31d25e0591335ab9768b605b918d331de049519f2d584065
                                                                                                                                                            • Opcode Fuzzy Hash: 1b4201946a4881626266700f4c5074438c7ca6da64cbb6df8b7aa123b84a6d2c
                                                                                                                                                            • Instruction Fuzzy Hash: 4611E732281520ABC722DF9DCD40F4AB7AAEB55750F00406AFA45DB251EA70EA02C7D0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1a6ca0d5904888e2056129dbd31f44733757967359f93651b00ca7adbb6de7d2
                                                                                                                                                            • Instruction ID: 777d80e6d41dc203e1ee3230b4fd779f4c89cbb7478e5a5c242ef3c32a77c64b
                                                                                                                                                            • Opcode Fuzzy Hash: 1a6ca0d5904888e2056129dbd31f44733757967359f93651b00ca7adbb6de7d2
                                                                                                                                                            • Instruction Fuzzy Hash: B311E533604500ABCB19EB288CC1AABB357EBE5770B25413DE5128B390DA319C46C7D4
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: c3118ffec52b1432313d03576b121bf1804fee2de1da8d19d4d1c8869e440fc5
                                                                                                                                                            • Instruction ID: 859ce7d58b1f451823dd09b11772b8d65347344457832b24c667adad89f9ecd8
                                                                                                                                                            • Opcode Fuzzy Hash: c3118ffec52b1432313d03576b121bf1804fee2de1da8d19d4d1c8869e440fc5
                                                                                                                                                            • Instruction Fuzzy Hash: 5911C172A01211EFCB21DF5AC980A6ABBF5EF94A10F11807DE906DB311D730DD01CB98
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                                                                                                                            • Instruction ID: 8b79fa48ba1250b213e382a7580bbfb718fe1c3308c84f1c89e97c425aefa1fe
                                                                                                                                                            • Opcode Fuzzy Hash: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                                                                                                                            • Instruction Fuzzy Hash: BC11C432A10519EFDB59CF58CC09B9DFBB5EF84210F048269EC5697354EAB1AE51CB80
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 52e1f183b4304ab0c69980ce7432f5449109a20eb0ebf8790310a80cad6afbef
                                                                                                                                                            • Instruction ID: 9a1eae85811eeb1280f6902c66f83252ef75b3f4761b083fc8b87b1dcf321063
                                                                                                                                                            • Opcode Fuzzy Hash: 52e1f183b4304ab0c69980ce7432f5449109a20eb0ebf8790310a80cad6afbef
                                                                                                                                                            • Instruction Fuzzy Hash: 3C012635344244ABE32592AE8C98F77BBCEEF40650F09007DFA058B350DB14EC41C225
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                                                                                                            • Instruction ID: c9f48f38f38c6ba3e4d27f12adc999ccc859804af3addf1a193805f970426053
                                                                                                                                                            • Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                                                                                                            • Instruction Fuzzy Hash: 4101A57160010AAB9B14DBD6CC55CAFBBBDDFE9624B00005DA941D3110E730EE01D774
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1adb49f4f8fb340956e6bc5afbc740dd4d1b76656b50264cd480a8a79ca0fa64
                                                                                                                                                            • Instruction ID: bd6ca09ac5bd62b2e58fdcda95d974e2d8062aba2bd31817ec7262b02fb40dc6
                                                                                                                                                            • Opcode Fuzzy Hash: 1adb49f4f8fb340956e6bc5afbc740dd4d1b76656b50264cd480a8a79ca0fa64
                                                                                                                                                            • Instruction Fuzzy Hash: E811A0B2600294EFDF21DF69DE54B567BACEB95B64F004119F905CB740CB70E802CBA4
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 94d84ae37f006222ee990826c582bb685f488c8ce7a1d3ef5f05e386877991b8
                                                                                                                                                            • Instruction ID: 2c36a8bf8690485e785a9679e1f3166159a0c44db8d0feee271ad12485a64729
                                                                                                                                                            • Opcode Fuzzy Hash: 94d84ae37f006222ee990826c582bb685f488c8ce7a1d3ef5f05e386877991b8
                                                                                                                                                            • Instruction Fuzzy Hash: A6118272A00715ABDB21EB59CD80B6EFBB9EF98B10FA1045DDA0167344D770EE018B98
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 3b4effb7bc5b1830bd4dc8a74cd360b651473365a88e5639a493e63c49b3baa1
                                                                                                                                                            • Instruction ID: 893432e2a55310d87a02d3110dd890b4e76a1ecf14841a56daeed5455cb974d8
                                                                                                                                                            • Opcode Fuzzy Hash: 3b4effb7bc5b1830bd4dc8a74cd360b651473365a88e5639a493e63c49b3baa1
                                                                                                                                                            • Instruction Fuzzy Hash: 16119E72600604EFE711DF58CC46B5B7BF8EB45394F218529EA86C7311D735E9019BA1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                                                                                            • Instruction ID: fdf14dfd9d512c7a95c9bf897a267482ec2f1956fdb90e487a46e8c8ef3d00fe
                                                                                                                                                            • Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                                                                                            • Instruction Fuzzy Hash: 7F11E5336466919BE723871DCD88BA5BBE8FB41B68F4A00E8DE128B742D72DD841C754
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: d80af7a01ab7774521a2ecab0582b2711c39ab181f45708b71e529a4a95c8df1
                                                                                                                                                            • Instruction ID: d515b6edd0b93c78da60522143d5d269c112b7e6d7ca55bab6c8dab8fd2d425a
                                                                                                                                                            • Opcode Fuzzy Hash: d80af7a01ab7774521a2ecab0582b2711c39ab181f45708b71e529a4a95c8df1
                                                                                                                                                            • Instruction Fuzzy Hash: CD1158B5A1424ADFD745CF28D880AA9BBF5FB49710F04C29AE848CB301D735EC81CBA4
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: f5357f27471db57e302104e2e7b6113ee6d2d28be9a85f1298423aa0194ecf68
                                                                                                                                                            • Instruction ID: d59dacd9fb2721eaed639407e4e0d7005161478e74e35ae763c55abf35d19aba
                                                                                                                                                            • Opcode Fuzzy Hash: f5357f27471db57e302104e2e7b6113ee6d2d28be9a85f1298423aa0194ecf68
                                                                                                                                                            • Instruction Fuzzy Hash: 3F11C276A00648AFC720DFA9CC84BAEB7B8FF54A00F1444B9EA01AB752DB34D941CB54
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                                                                            • Instruction ID: 65cb3e70d0715fe69c372027a874f5b47070a9a6b711f0a0b8926cc2de94158d
                                                                                                                                                            • Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                                                                            • Instruction Fuzzy Hash: E3010032405B22AACB31AF99DC50A227BB8EB55760708C66EFC958B691D331D901CBA0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 9abd2772e1e8802b4b3da4668a380ad1b29f24ea04bda08d19c393643bb3ac5a
                                                                                                                                                            • Instruction ID: 09ecbb80a71ba98ff23d60e3e63942898e2dc48008bcf1b72098d93597697ac5
                                                                                                                                                            • Opcode Fuzzy Hash: 9abd2772e1e8802b4b3da4668a380ad1b29f24ea04bda08d19c393643bb3ac5a
                                                                                                                                                            • Instruction Fuzzy Hash: EE119E70A41228ABDF31EB28CC41FE8727AFF04710F1041D8A319A61E0DB309E81CF89
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 45399b8df78b0840c6d3801d8c3677a6d1ddc6dafedbfa17f3272c60e285a07d
                                                                                                                                                            • Instruction ID: 7d5a631f2a9377b343f79cf925d5934341cdb8ba0d85dfb58d2248f2b5379316
                                                                                                                                                            • Opcode Fuzzy Hash: 45399b8df78b0840c6d3801d8c3677a6d1ddc6dafedbfa17f3272c60e285a07d
                                                                                                                                                            • Instruction Fuzzy Hash: D711E8B1A40259AFCB04DFADD945AAEFBF8FF58210F10406AB905E7345D674AA01CBA4
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 8abae05aed14f0b210d90562486fff11aa1c708d31ad82574b6ce348e3621137
                                                                                                                                                            • Instruction ID: 48a84869aa75618347fcb1ef8a359c3941813ef015ea6d6c79719a83641c99d1
                                                                                                                                                            • Opcode Fuzzy Hash: 8abae05aed14f0b210d90562486fff11aa1c708d31ad82574b6ce348e3621137
                                                                                                                                                            • Instruction Fuzzy Hash: A6118031E00209EFDB05DFA4CC54FAEBBB6EB48744F10409DF9129B281DA35AD15CB90
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 351e86d80af68aa42c8fdd2e07943c5ad9d1c4c4fbcad0cdc081a6f0c6e68832
                                                                                                                                                            • Instruction ID: b5e665180f68123620b2e669aef7e6020e22d7f8ea81120f4eb97a634cda6a87
                                                                                                                                                            • Opcode Fuzzy Hash: 351e86d80af68aa42c8fdd2e07943c5ad9d1c4c4fbcad0cdc081a6f0c6e68832
                                                                                                                                                            • Instruction Fuzzy Hash: 1B01D4B1241642BFC311AB69CC80E53FBADFF69754B40012DB20883951DB24EC01CAA4
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                                                                                                            • Instruction ID: 25b80935faf8819c0481d66f1e20c247b57cfa980a3720d6723497f663843cb0
                                                                                                                                                            • Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                                                                                                            • Instruction Fuzzy Hash: BD115B32550A029FD732AF19CC80B22B7E1FF94766F19896DE5994A6A2C374E881CB50
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b6eab9c10e0ae9e15777b965af346eb44817ad972a8b9330e40e8bf23a389a56
                                                                                                                                                            • Instruction ID: e90150a587b7e4f83254c94978f9075aecaff7a3015c003195e4f9af9add2c64
                                                                                                                                                            • Opcode Fuzzy Hash: b6eab9c10e0ae9e15777b965af346eb44817ad972a8b9330e40e8bf23a389a56
                                                                                                                                                            • Instruction Fuzzy Hash: C01127B1A083449FC700DF69D841A5BBBE8EF99710F00895EB958D7395E630E900CB96
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: e1dc33d4f14fd0d3cfa46109187b1779c3f7ffad2e9d5bd1e7758a5c133071a1
                                                                                                                                                            • Instruction ID: cfca6097498410dc80e12b6a16b7f4a7c9bbb22ca13663810f4dbb58d1e0b36f
                                                                                                                                                            • Opcode Fuzzy Hash: e1dc33d4f14fd0d3cfa46109187b1779c3f7ffad2e9d5bd1e7758a5c133071a1
                                                                                                                                                            • Instruction Fuzzy Hash: EA015E70A00249AFDB14EF6DDC45EAEBBB9EF55714F4044AAF900EB280DA74DA01CB94
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                                                                                                                            • Instruction ID: 3881bb23808e2e8b0b4e132439f4bfe458da10c25dd89be9c50b24dd085b04f8
                                                                                                                                                            • Opcode Fuzzy Hash: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                                                                                                                            • Instruction Fuzzy Hash: C5017B32A10240EBDB12AA98CC00F39B39ADBC0F29F10416DEE158BB81CB34DD01C7C5
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                                                                                                            • Instruction ID: 8404e32b8e4c2762fa03093abf101f4a77ac964a31b71bfc8e7b8186785e94a3
                                                                                                                                                            • Opcode Fuzzy Hash: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                                                                                                            • Instruction Fuzzy Hash: 1001D632302549A7DB11DA9ADE90ADF7BADFF84650B040429BA05D7310DE30D95187A4
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 3d6dc3aae711afceb67033f88b86af87c7d09962ffae8e7f7bb34f54e907f00d
                                                                                                                                                            • Instruction ID: c92adc0a0ba47f5a052ebc182440bded7b337f37751b91438a61e9b6d36b3aa7
                                                                                                                                                            • Opcode Fuzzy Hash: 3d6dc3aae711afceb67033f88b86af87c7d09962ffae8e7f7bb34f54e907f00d
                                                                                                                                                            • Instruction Fuzzy Hash: 03019E71E01209ABCB14DFA9D845FAEBBB8EF44710F1040AAF910EB380DA74DA01CB94
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            • Instruction Fuzzy Hash: 38F04C71A012556BEB10E7A98C00FBEBFAEDFC0A11F08446D9E0197740D730EA40CA50
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: bb32b891ea1f262839e6295b3655eb4e6397ea6681efbd20c542e95e1e27e1a3
                                                                                                                                                            • Instruction ID: e46dd91fa9a8339a8d1c5c592b2701d8790eb4bc0e18d9cb4fe887881d70f81c
                                                                                                                                                            • Opcode Fuzzy Hash: bb32b891ea1f262839e6295b3655eb4e6397ea6681efbd20c542e95e1e27e1a3
                                                                                                                                                            • Instruction Fuzzy Hash: 44019A36101199ABDF129F88DC40EDE7F76FB4CBA4F058101FE1966224C232D970EB80
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b4b8323310e9c2d7f9f2efa94f124d3be1fe287517a2a9da5e2494c96164328e
                                                                                                                                                            • Instruction ID: 11c5ab51c5a5a3ea6fd08b36f3914b54076efeeeae9f927ab5e3be29202e227a
                                                                                                                                                            • Opcode Fuzzy Hash: b4b8323310e9c2d7f9f2efa94f124d3be1fe287517a2a9da5e2494c96164328e
                                                                                                                                                            • Instruction Fuzzy Hash: F5F02B326483455BF324E60DDC10BB3768BE7D1791F24412AEB058B2D1DA73DC03C265
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 17524ef80d41aa0c19876bf296a5a3cb7a602d76bbf51ae5739645814cbf5b94
                                                                                                                                                            • Instruction ID: 4277d1e03ef2c63f6b44afe0c6e134a1d8d35273c1e24392299986dd7133f934
                                                                                                                                                            • Opcode Fuzzy Hash: 17524ef80d41aa0c19876bf296a5a3cb7a602d76bbf51ae5739645814cbf5b94
                                                                                                                                                            • Instruction Fuzzy Hash: C3016D70741681EBF7269B2CCD48B25B7EAEB50B14F1880A8EA028B7D2D768D8408618
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                                                                            • Instruction ID: 5e410a6f59a685757fe03f2323fcc2776ecb9febc4d689b2965544f5fcfaf7d3
                                                                                                                                                            • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                                                                            • Instruction Fuzzy Hash: 6EF06272940244BFE711EBA4CC41FDAB7FCEB04714F00456AB956D7280EA70EE40CB94
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: c1e0b4a3ff7b4a4aa820c0e2a28ba180ac4d6a4c88446a63de3f97cb1b5b90f9
                                                                                                                                                            • Instruction ID: fbf6ecd96b59e0725e9083d3ce2bc6efe5721843c7702736217ff715d6ec2209
                                                                                                                                                            • Opcode Fuzzy Hash: c1e0b4a3ff7b4a4aa820c0e2a28ba180ac4d6a4c88446a63de3f97cb1b5b90f9
                                                                                                                                                            • Instruction Fuzzy Hash: 65F0AF706453049FC314EF68C845A1AF7E4EF98B10F504A5EB8A8DB394EA34E900CB9A
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: a7c36be7f4531cee8ddc203f59bee3915cd9b755bdf77a02211312d3a1b4055b
                                                                                                                                                            • Instruction ID: b1bcba6065945ca1ba39423fd55d9cc917d65ccff703b0c9549d31d0fb3e36cc
                                                                                                                                                            • Opcode Fuzzy Hash: a7c36be7f4531cee8ddc203f59bee3915cd9b755bdf77a02211312d3a1b4055b
                                                                                                                                                            • Instruction Fuzzy Hash: C5F04474E00209EFDB04EF68D945A9DB7F5FF18300F504459B955EB380D674DA00CB58
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 32849088dcd20d31d8bd4715d65d9db8747637e79a1a605f92eec6a1afc9c2c4
                                                                                                                                                            • Instruction ID: 62b42d6d7369c3e2077d9ba106c6c4c2dd37b2dd99ea507962336a531d328c99
                                                                                                                                                            • Opcode Fuzzy Hash: 32849088dcd20d31d8bd4715d65d9db8747637e79a1a605f92eec6a1afc9c2c4
                                                                                                                                                            • Instruction Fuzzy Hash: 85F0F0321006046BD731AB09CC04FAABBEEEFD4B14F14021CA54283691C7A0F905C654
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                                                                            • Instruction ID: 5be9bc253f9ea120c58d6e7cb05029f1e8c4c21a9525d4b4ae06d247b4c4bf0e
                                                                                                                                                            • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                                                                            • Instruction Fuzzy Hash: 5AF0B472611204EFE318EB25CC05B66B7EDEF98B10F14807CA505D7260FAB1DD01CA68
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: f1c44922bbcde047aab86cc750fc36f0b43d2a38a2d21cc7392b49100c751303
                                                                                                                                                            • Instruction ID: 5f87662e0aa0c58c2a36b45646dc9f4a075def1d874e854083cdff87404fbeb4
                                                                                                                                                            • Opcode Fuzzy Hash: f1c44922bbcde047aab86cc750fc36f0b43d2a38a2d21cc7392b49100c751303
                                                                                                                                                            • Instruction Fuzzy Hash: 0EF06270A41209EFCB04EFA9C915A6EF7B5EF18304F5080A9B915EB389DA34EA01CB54
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 2cc395c6d603ae5e52752080619a75ae847f2a0aba84d9c57aa764b4ab79a61a
                                                                                                                                                            • Instruction ID: 379bda84a510f864a4661e1bc638d4ee198a4e7adb4505d556e8a6c5d67efcaf
                                                                                                                                                            • Opcode Fuzzy Hash: 2cc395c6d603ae5e52752080619a75ae847f2a0aba84d9c57aa764b4ab79a61a
                                                                                                                                                            • Instruction Fuzzy Hash: B3F06D74A00248EFDB04EFA9D805EAEBBF4EF18304F0040A9E901EB381EB34D900CB58
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 822ac695cf6b9919b9cb055eb704e292206bcc9cec16ace512bdd615a8156037
                                                                                                                                                            • Instruction ID: 2aae8a815f61f02d1c477d136751660dd6107a8340265b06ac64a2d717869630
                                                                                                                                                            • Opcode Fuzzy Hash: 822ac695cf6b9919b9cb055eb704e292206bcc9cec16ace512bdd615a8156037
                                                                                                                                                            • Instruction Fuzzy Hash: 9AF0247150529C9FEF32832CCA04B797BCC9B03260F084866C429CF612DB20D886C650
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                                                                                                                            • Instruction ID: 164b719bb3799fcbfbcd8a488ca398dfabaf556738708f6850a788a4cd854ab6
                                                                                                                                                            • Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                                                                                                                            • Instruction Fuzzy Hash: 7DD0C972254651ABD772AA1CFC00FD3B3EABB98B25F160459B119C7192C7A5EC81CA84
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                                                                                            • Instruction ID: 77230e7e178c169ba52540f25a566333d89d9b73f533c47e8cb4f53277fb9e0b
                                                                                                                                                            • Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                                                                                            • Instruction Fuzzy Hash: 00D0223220203093CB3836846D10F63B906AB80A54F0A022E3C0A93A00C2008C43C6E0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                                                                            • Instruction ID: 7e12a020c9e5974ed4bd8b996bc42cd4ac99e282bccfd0661462a64b78ba8d04
                                                                                                                                                            • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                                                                            • Instruction Fuzzy Hash: 1FD012371D054DBBCB119F65DC01F957BAAE7A4B60F444020B504875A0CA3AE950D984
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                                                                            • Instruction ID: d6987239086cf108f0272516fa4f6bd7856a81f0feaee54508a93c095ec39955
                                                                                                                                                            • Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                                                                            • Instruction Fuzzy Hash: EFD0C935312D80CFD61BCB0CC894B0633A4BB44B40FC10490E901CBB22D72CED44CA00
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                            • Instruction ID: 0d73de8767b349eb219896c27825432357660b830f1b552f2e7ae2231b41ae91
                                                                                                                                                            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                            • Instruction Fuzzy Hash: 9AD0C936100248ABCB019F40C890D9A7B2AEBD8610F108019B919076108A31E962DA54
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                                                                                            • Instruction ID: 4a31ef671c4a67146ecf9f36de9959bc7670378275a95ec11163eccd57dda5ce
                                                                                                                                                            • Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                                                                                            • Instruction Fuzzy Hash: 94C08C702422C06AEB2B5B04CD50B2A3A55BB14A05F84019CAA001D7A2C76BF8418708
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 03bc0224d6a8b6dda1a01e30fab24ba5b8461b954dbd5d456e652b27089989f6
                                                                                                                                                            • Instruction ID: 5c3aaa9ccef0e57f8b292e41ac0081ab030d5e2f2c63049919959e53fc6f2be2
                                                                                                                                                            • Opcode Fuzzy Hash: 03bc0224d6a8b6dda1a01e30fab24ba5b8461b954dbd5d456e652b27089989f6
                                                                                                                                                            • Instruction Fuzzy Hash: CA90023160650012D54076585D885474049A7E0301B52C515E4424654CCA2489566361
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 05b7ce40bdf42902a766e41a216c77453219ffbafcd65bbc201d0de7bfc9ca07
                                                                                                                                                            • Instruction ID: 50a989fc1b8e6bd11344847209d283780403e8d92e0520c92ad671e8cdee9ade
                                                                                                                                                            • Opcode Fuzzy Hash: 05b7ce40bdf42902a766e41a216c77453219ffbafcd65bbc201d0de7bfc9ca07
                                                                                                                                                            • Instruction Fuzzy Hash: E590026160220042854076585D084076049A7E1301392C619A4554660CC6288855A269
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 9d592e380ab102a2b996ede14ab234726cf889b1b23ec40282bfa2d776710350
                                                                                                                                                            • Instruction ID: 590785d6b64d542b2e22b44dfe9e7391a29c571e11823b0801aae2d70e589e2f
                                                                                                                                                            • Opcode Fuzzy Hash: 9d592e380ab102a2b996ede14ab234726cf889b1b23ec40282bfa2d776710350
                                                                                                                                                            • Instruction Fuzzy Hash: 0E900225212100034505AA581B08507008A97D5351352C525F5015650CD63188616121
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: c28792832949588d3533ce953b2b4c9983f18d803880a1222ce9c7926a8ae828
                                                                                                                                                            • Instruction ID: 749fc42626e2a6feaae3955b6183f00699e7c3a81e7f12b46f06e77848de8f11
                                                                                                                                                            • Opcode Fuzzy Hash: c28792832949588d3533ce953b2b4c9983f18d803880a1222ce9c7926a8ae828
                                                                                                                                                            • Instruction Fuzzy Hash: C29002A1202240928900A7589908B0B454997E0201B52C51AE5054660CC5358851A135
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 56ef05c900ad20ae27021665e814ed5b10048b29005684564526c422f98c2534
                                                                                                                                                            • Instruction ID: 3285527033725a056c88fded6a13636fcd1647facdddddc46bad05a804ed35a6
                                                                                                                                                            • Opcode Fuzzy Hash: 56ef05c900ad20ae27021665e814ed5b10048b29005684564526c422f98c2534
                                                                                                                                                            • Instruction Fuzzy Hash: F090022124615102D550765C59086174049B7E0201F52C525A4814694DC56588557221
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: ace3bc0bdbfb6b56ef2a0bc5b83c4374aa5b409dc78d814ce3e1ada562c7722d
                                                                                                                                                            • Instruction ID: b048a67cc502441a8454c5441a70b1ac8bef64e59ad46b8f7c25479d3be12022
                                                                                                                                                            • Opcode Fuzzy Hash: ace3bc0bdbfb6b56ef2a0bc5b83c4374aa5b409dc78d814ce3e1ada562c7722d
                                                                                                                                                            • Instruction Fuzzy Hash: 9A90023120614842D54076585908A47005997D0305F52C515A4064794DD6358D55B661
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: c631371b1364ea5da47f62acf3fa687ef20529f12d2fb987312fccbbbd5caccd
                                                                                                                                                            • Instruction ID: 136a92984a86046b5140ef947a04094ac65e7b742a86b12db5ddfd95f08f5fbd
                                                                                                                                                            • Opcode Fuzzy Hash: c631371b1364ea5da47f62acf3fa687ef20529f12d2fb987312fccbbbd5caccd
                                                                                                                                                            • Instruction Fuzzy Hash: F590023120210802D5807658590864B004997D1301F92C519A4025754DCA258A5977A1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 4f0263aca5e38cb39ef5a0a16cf56669d6be9480c39a608df40ca3a6ba0d5570
                                                                                                                                                            • Instruction ID: 1882cef1854b2ed728ffc228b1e7e2890e9219ef3b3ce5a60b4d7c1dda8c45af
                                                                                                                                                            • Opcode Fuzzy Hash: 4f0263aca5e38cb39ef5a0a16cf56669d6be9480c39a608df40ca3a6ba0d5570
                                                                                                                                                            • Instruction Fuzzy Hash: F890022160610402D5407658691C707005997D0201F52D515A4024654DC6698A5576A1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 7900825607aa842feae4aa36651bfa19898400c65a757f7d98968c5c1052cf1b
                                                                                                                                                            • Instruction ID: 9ce3d9dadf5806045887bfe49f98e09e3e6acd33afd905c784167f3b954466f0
                                                                                                                                                            • Opcode Fuzzy Hash: 7900825607aa842feae4aa36651bfa19898400c65a757f7d98968c5c1052cf1b
                                                                                                                                                            • Instruction Fuzzy Hash: 6890023120210842D50066585908B47004997E0301F52C51AA4124754DC625C8517521
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 6322998dcc94724e8d4ba2bb97fcd231d4e677fdba528c356c5e1ccc71b5af80
                                                                                                                                                            • Instruction ID: ba140e00fa97b9c3a83a512e38bb4ccfebf06cf99293fe2bb55820d8b2b228f0
                                                                                                                                                            • Opcode Fuzzy Hash: 6322998dcc94724e8d4ba2bb97fcd231d4e677fdba528c356c5e1ccc71b5af80
                                                                                                                                                            • Instruction Fuzzy Hash: 07900225222100024545AA581B0850B0489A7D6351392C519F5416690CC63188656321
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: cca774ab44506822a6781a8721438b28a5f5da55f355d580c1e1f23224abf43c
                                                                                                                                                            • Instruction ID: 41633ad0f5ea0f6c7bdf3a7dcbe7dab8cc0df9dbceedb0c38e4c3e7f9570ee70
                                                                                                                                                            • Opcode Fuzzy Hash: cca774ab44506822a6781a8721438b28a5f5da55f355d580c1e1f23224abf43c
                                                                                                                                                            • Instruction Fuzzy Hash: 7490023160610802D55076585918747004997D0301F52C515A4024754DC7658A5576A1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b0728fd42c33ce23b76b50240595eea257de58b5da05189bae99ed92d710b4eb
                                                                                                                                                            • Instruction ID: 0283ba5c76ca08c8958ee5048abdf2103c8ab68949b6c10041e64a95ff2f7a38
                                                                                                                                                            • Opcode Fuzzy Hash: b0728fd42c33ce23b76b50240595eea257de58b5da05189bae99ed92d710b4eb
                                                                                                                                                            • Instruction Fuzzy Hash: B890023120210802D50466585D08687004997D0301F52C515AA024755ED67588917131
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 737aa05d21bed9496e2cb7727beee164ec62661fb32ad45f5a22101dc7be5b1c
                                                                                                                                                            • Instruction ID: 7d78249b324d03b639cab28b69c7122aaeb7a56fcb6ed6b496d557b3026ec1d4
                                                                                                                                                            • Opcode Fuzzy Hash: 737aa05d21bed9496e2cb7727beee164ec62661fb32ad45f5a22101dc7be5b1c
                                                                                                                                                            • Instruction Fuzzy Hash: C990022130210402D50266585918607004DD7D1345F92C516E5424655DC6358953B132
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 806bad9815e0666d90951bab6731e3c5d4d49ec3bbf667c110aa0e9df4348172
                                                                                                                                                            • Instruction ID: 0b2688bbbfbe6e3255dfc0155c15465acafa10c36b8cd0e60ef50c87f7d6e051
                                                                                                                                                            • Opcode Fuzzy Hash: 806bad9815e0666d90951bab6731e3c5d4d49ec3bbf667c110aa0e9df4348172
                                                                                                                                                            • Instruction Fuzzy Hash: 7C90027120210402D54076585908747004997D0301F52C515A9064654EC6698DD57665
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: c0238f363b0a4e6504f0fc4ee873811eb5f17bbc77bbba84396ea9f7366d77a8
                                                                                                                                                            • Instruction ID: 66875ab15fb16661ac9b76961f93edf4a28aa412c1e77460deefb7b096f7ae9d
                                                                                                                                                            • Opcode Fuzzy Hash: c0238f363b0a4e6504f0fc4ee873811eb5f17bbc77bbba84396ea9f7366d77a8
                                                                                                                                                            • Instruction Fuzzy Hash: AD90022160210502D50176585908617004E97D0241F92C526A5024655ECA358992B131
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 796364e2f5ba0b05f6653061db9308865397e2fe6e11c42301e030a22b754831
                                                                                                                                                            • Instruction ID: e6b7b271a6d75ba6df2d04f80270091e19c4296f6ca1bb9bbb9f844d8b8193ef
                                                                                                                                                            • Opcode Fuzzy Hash: 796364e2f5ba0b05f6653061db9308865397e2fe6e11c42301e030a22b754831
                                                                                                                                                            • Instruction Fuzzy Hash: 9B90022130210003D5407658691C6074049E7E1301F52D515E4414654CD92588566222
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1b3b07c77f1ac27e2ba66dd6d7c27bd0fe12afe6918c436717eaaa315e4324fd
                                                                                                                                                            • Instruction ID: 79e06c984c8393013423340ee7fbae9f40a2eba3d05de55f615e13e75fa72e74
                                                                                                                                                            • Opcode Fuzzy Hash: 1b3b07c77f1ac27e2ba66dd6d7c27bd0fe12afe6918c436717eaaa315e4324fd
                                                                                                                                                            • Instruction Fuzzy Hash: 7390022120614442D5006A58690CA07004997D0205F52D515A5064695DC6358851B131
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 019c2cefa7f7bf3ecdd8826c1c1ab1675464e9db117c701b06264602f9ae8d94
                                                                                                                                                            • Instruction ID: 993e21d86e438d8b17b3f43bc65e9c4318482adc38eeadbcf15bf01b63952914
                                                                                                                                                            • Opcode Fuzzy Hash: 019c2cefa7f7bf3ecdd8826c1c1ab1675464e9db117c701b06264602f9ae8d94
                                                                                                                                                            • Instruction Fuzzy Hash: FD90022921310002D5807658690C60B004997D1202F92D919A4015658CC92588696321
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Strings
                                                                                                                                                            • ExecuteOptions, xrefs: 017044AB
                                                                                                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01704460
                                                                                                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01704530
                                                                                                                                                            • Execute=1, xrefs: 0170451E
                                                                                                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0170454D
                                                                                                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 01704592
                                                                                                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01704507
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                            • API String ID: 0-484625025
                                                                                                                                                            • Opcode ID: 30decf1fe9b19ba5aba2d21f6100dc783748a6f7aae1b55f54a42a4655c5650d
                                                                                                                                                            • Instruction ID: 554fd129c8c81a5be502e8738ee831d5d5ca66d0655b28ce4e22749aa30c2ede
                                                                                                                                                            • Opcode Fuzzy Hash: 30decf1fe9b19ba5aba2d21f6100dc783748a6f7aae1b55f54a42a4655c5650d
                                                                                                                                                            • Instruction Fuzzy Hash: 2F515E31A00359BAEF21DBA9DC49FBD77A9EF14710F1404ADDA06A7281DB709E41CF64
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000002.00000002.178540116469.0000000001660000.00000040.00001000.00020000.00000000.sdmp, Offset: 01660000, based on PE: true
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_2_2_1660000_ORIGINAL INVOICE COAU7230734293.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: $$@
                                                                                                                                                            • API String ID: 0-1194432280
                                                                                                                                                            • Opcode ID: b87f9678ee39bf7cd3363741a4ba6357a2bd1324210c317f245065845434f2c0
                                                                                                                                                            • Instruction ID: 1600d84835a3a6bc75d985ba47d3b4862ed7bb189f00f4c2f0dfa8ce275637fc
                                                                                                                                                            • Opcode Fuzzy Hash: b87f9678ee39bf7cd3363741a4ba6357a2bd1324210c317f245065845434f2c0
                                                                                                                                                            • Instruction Fuzzy Hash: 0F8119B1D012699BDB35CF54CC44BEEBAB8AB48714F1041EEEA19B7240D7709E85CFA4

                                                                                                                                                            Execution Graph

                                                                                                                                                            Execution Coverage:0.4%
                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                            Total number of Nodes:9
                                                                                                                                                            Total number of Limit Nodes:1
                                                                                                                                                            execution_graph 72670 35cf018 72671 35cf03d 72670->72671 72672 35cf1ba NtQueryInformationProcess 72671->72672 72673 35cf1f4 72671->72673 72672->72673 72675 32e2b20 72677 32e2b2a 72675->72677 72678 32e2b3f LdrInitializeThunk 72677->72678 72679 32e2b31 72677->72679 72685 32e29f0 LdrInitializeThunk

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            APIs
                                                                                                                                                            • NtQueryInformationProcess.NTDLL ref: 035CF1D9
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095895833.00000000035C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 035C0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_35c0000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InformationProcessQuery
                                                                                                                                                            • String ID: 0
                                                                                                                                                            • API String ID: 1778838933-4108050209
                                                                                                                                                            • Opcode ID: a33828bbd715761d5af7276605956760109807c0c8d9b601ef1d8793df886f42
                                                                                                                                                            • Instruction ID: 191fed0b7b22c98563f2009a13327aec37e2d13d1ac82fb54b95fc3bffb31154
                                                                                                                                                            • Opcode Fuzzy Hash: a33828bbd715761d5af7276605956760109807c0c8d9b601ef1d8793df886f42
                                                                                                                                                            • Instruction Fuzzy Hash: 24024A74628B8D8FCBA5EF68D894ADE77F1FB99304F40062E994ACB250DF349245CB41

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 152 32e34e0-32e34ec LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.0000000003399000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_3270000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: 61b59b60d27544ce1f8f4bcd4e16982e77d9eb29ba78f81c72f6c6ce430b84d3
                                                                                                                                                            • Instruction ID: 9820ddb1e2b590ee956dc4f518291517aa30c5b2828b254b496a359e00c38e32
                                                                                                                                                            • Opcode Fuzzy Hash: 61b59b60d27544ce1f8f4bcd4e16982e77d9eb29ba78f81c72f6c6ce430b84d3
                                                                                                                                                            • Instruction Fuzzy Hash: FD90023161510C06D900A1585614706904687D0211F61C825A1414978DC7A5899175A2

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 142 32e2b00-32e2b0c LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.0000000003399000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_3270000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: 361188b6b7f1f33a4440bb93d8b77c186d3d0037852bf52f6e2b222973611d09
                                                                                                                                                            • Instruction ID: bd1fbe9d699579d2986adac5e685ac9a8a36da5761406fbe7a9fd8bac71c4fed
                                                                                                                                                            • Opcode Fuzzy Hash: 361188b6b7f1f33a4440bb93d8b77c186d3d0037852bf52f6e2b222973611d09
                                                                                                                                                            • Instruction Fuzzy Hash: 7F90023121504C46D940B1585504A46805687D0315F51C425A1054AA4DD7358D95B661

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 143 32e2b10-32e2b1c LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.0000000003399000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_3270000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: 0ae6d918165863362f59eae29272c6610d3f32ed53dac8024b25c8afa21276be
                                                                                                                                                            • Instruction ID: cbf81c3b4badd9473d217a8f09993d0c4a89fc3e4779250c3a3dd87a9bee26cc
                                                                                                                                                            • Opcode Fuzzy Hash: 0ae6d918165863362f59eae29272c6610d3f32ed53dac8024b25c8afa21276be
                                                                                                                                                            • Instruction Fuzzy Hash: 9690023121100C06D980B158550464A804687D1311F91C429A1015A64DCB258A9977A1

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 144 32e2b80-32e2b8c LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.0000000003399000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_3270000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: ffa71966799e9d67f557a45023be8df375a7701aa36b5f6cb92435116b52e9e9
                                                                                                                                                            • Instruction ID: 993915bffbb8a18457ce765b457bf3ab7075eda6fe45f55fb28b2cf9b05e0ce3
                                                                                                                                                            • Opcode Fuzzy Hash: ffa71966799e9d67f557a45023be8df375a7701aa36b5f6cb92435116b52e9e9
                                                                                                                                                            • Instruction Fuzzy Hash: FA90023121100C46D900A1585504B46804687E0311F51C42AA1114A64DC725C8917521

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 145 32e2b90-32e2b9c LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.0000000003399000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_3270000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 146 32e2bc0-32e2bcc LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.0000000003399000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_3270000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 141 32e2a80-32e2a8c LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.0000000003399000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_3270000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 140 32e29f0-32e29fc LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.0000000003399000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_3270000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 151 32e2f00-32e2f0c LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.0000000003399000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_3270000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 150 32e2e50-32e2e5c LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.0000000003399000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_3270000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 149 32e2d10-32e2d1c LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.0000000003399000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_3270000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 147 32e2c30-32e2c3c LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.0000000003399000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_3270000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 148 32e2cf0-32e2cfc LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.0000000003399000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_3270000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 136 32e2b2a-32e2b2f 137 32e2b3f-32e2b46 LdrInitializeThunk 136->137 138 32e2b31-32e2b38 136->138
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.0000000003399000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_3270000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180094230279.0000000000A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_a40000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            Strings
                                                                                                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 03314592
                                                                                                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03314530
                                                                                                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03314460
                                                                                                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0331454D
                                                                                                                                                            • ExecuteOptions, xrefs: 033144AB
                                                                                                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 03314507
                                                                                                                                                            • Execute=1, xrefs: 0331451E
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.0000000003399000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_3270000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                            • API String ID: 0-484625025
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.180095164154.0000000003270000.00000040.00001000.00020000.00000000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.0000000003399000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000004.00000002.180095164154.000000000339D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_2_3270000_RpcPing.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: $$@
                                                                                                                                                            • API String ID: 0-1194432280